Hackers are exploiting a bug in Microsoft Excel which was first detected in Japan by Symantec where a trojan is downloaded if the infected Excel file is open.


The trojan is called “Trojan.Mdropper.AC” by Symantec, uses a weak encryption to make detection harder by some antivirus software. The actual motive of the trojan is still unknown.

Products affected are:

  • Microsoft Office 2000/2002/2003/2007
  • Microsoft Office 2004/2008 for Mac
  • Microsoft Exel Viewer 
  • Open XML File Format Converter for Mac

If the trojan failed to execute properly, it will crash the Excel application according to this SecurityFocus write up. And one condition for the attack to be successful will require administrative rights during execution.

As of now there is no patch for this Excel bug, however, Microsoft advised some workarounds. One of them is to use Microsoft Office Isolated Conversion Environment (MOICE) or to use Microsoft Office File Block policy.

In addition to that, make sure your antivirus software is up-to-date and when browsing the Internet, use an account that do not have administrative rights.

Update 03/26: Users of Forefront Client Security and Windows Live OneCare safety scanner can now detect this trojan with the name  Exploit:Win32/Evenex.gen.