Having just updated a Linux mail server to reject ".xll" file attachments in emails, I got to wondering if this is a new vector for infection, or just underused?

I received a couple of emails today with .XLL attachments, obviously malicious. XLL files have been around since the 90s, but this is the first time I added it to my filter, and I usually cull unusual file attachments actually used in malware campaigns to stop others without a need for the format from tripping up too easily.

Obviously doing this in a mail server doesn't stop people sending it via encrypted emails, emails with links, file shares, torrents, etc., but does stop simple attachments. The users needing protection most are the ones least likely to be able to save and decrypt an encrypted attachment.

A quick search brought it up as being used for malware in July 2021 via a different attack vector, so I'm guessing that has attracted attention to the format's utility for infection of Excel users.

https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/

--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
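An added example, not part of the original post (which does not say which mail server or filter was used): one way to check a message for attachments with a blocked extension, such as the ".xll" rule described above, using Python's standard email parser. The names blocked_attachments and build_sample, the addresses and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension the post adds to its filter; extend the set for other formats.
BLOCKED_EXTENSIONS = {".xll"}

def blocked_attachments(raw_bytes, blocked=BLOCKED_EXTENSIONS):
    """Return the filenames of MIME parts whose extension is blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # also descends into forwarded message/rfc822 parts
        # get_filename() reads Content-Disposition "filename", falls back to
        # Content-Type "name", and decodes RFC 2231 encoded values.
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots or spaces,
        # which Windows drops when the file is saved.
        cleaned = name.strip().rstrip(". ").lower()
        if "." in cleaned and "." + cleaned.rsplit(".", 1)[1] in blocked:
            hits.append(name)
    return hits

def build_sample(filename):
    """Constructed test message with one attachment of the given name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder bytes, not a real add-in",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname in ("Invoice.XLL", "invoice.xll.", "report.xlsx"):
        verdict = "REJECT" if blocked_attachments(build_sample(fname)) else "accept"
        print(f"{fname!r}: {verdict}")
```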