Trojan Exploiting Microsoft Excel Vulnerability

US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system.

US-CERT encourage users to do the following to help mitigate the risk:

• Review Microsoft Security Advisory 947563 for workarounds.
• Do not open unsolicited or untrusted email messages.
• Use caution when opening email attachments.
• Block executable files and unknown file types at the email gateway.
• Install anti-virus software, and keep its virus signature files up-to-date.
• Review the US-CERT Cyber Security Tip - Using Caution with Email Attachments.