Penetration Testing mailing list archives
Advice for a spreadsheet macro that calls home?
From: marc spamcatcher <junk () zounds net>
Date: Fri, 11 Feb 2005 13:18:51 -0600 (CST)
A client wants to find out who is accessing some confidential data on his machine. Looks like an inside job, the IT staff reading an .xls. We have a few approaches to this investigation (for instance, putting a string token in the file, and using Snort to watch for it). Putting a 'call-home' macro in the file seems like a good bet, since the file could be pulled in many ways, but must be opened for reading. I'm thinking that when the file is opened, a network connection to a server is opened, and then we know when and where it was opened from. I haven't read any VB code since looking at the Laroux macro virus. But this seems like an easy bit of code to plant in an excel spreadsheet. Especially if i found some trojan/worm code to steal from. Are there tools/worms that do this already I should look at? Am I over-looking some problems? thanks, marc bayerkohler http://zounds.net/images/marcemailaddy.gif
Current thread:
- Advice for a spreadsheet macro that calls home? marc spamcatcher (Feb 11)
- RE: Advice for a spreadsheet macro that calls home? Omar Herrera (Feb 13)
- RE: Advice for a spreadsheet macro that calls home? Dario Ciccarone (Feb 17)
- RE: Advice for a spreadsheet macro that calls home? Omar Herrera (Feb 13)