|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Advice for a spreadsheet macro that calls home?
From: marc spamcatcher (junk
zounds.net)
Date: Fri Feb 11 2005 - 13:18:51 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
A client wants to find out who is accessing some confidential data on his
machine. Looks like an inside job, the IT staff reading an .xls.
We have a few approaches to this investigation (for instance, putting a
string token in the file, and using Snort to watch for it).
Putting a 'call-home' macro in the file seems like a good bet, since
the file could be pulled in many ways, but must be opened for
reading. I'm thinking that when the file is opened, a network connection
to a server is opened, and then we know when and where it was opened from.
I haven't read any VB code since looking at the Laroux macro
virus. But this seems like an easy bit of code to plant in an excel
spreadsheet. Especially if i found some trojan/worm code to steal from.
Are there tools/worms that do this already I should look at? Am I
over-looking some problems?
thanks,
marc bayerkohler
http://zounds.net/images/marcemailaddy.gif
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]