OLE2 a popular malware delivery mechanism?
12 April 2008
OLE2 (Object Linking and Embedding v2) is a Microsoft container file format which can hold objects of various types, in much the same way that a file system holds files. Because this document format is so complex, many vulnerabilities have been found in software which opens these files (see CVE-2007-0913, CVE-2007-0870), and malware authors are making use of them.
In recent weeks I've noticed an increase in exploited Word, Excel and PowerPoint files being dealt with by SophosLabs and decided to graph the results. The graph indicates the number of unique samples of OLE2 files being detected as either Troj/Maldoc or Exp/1Table.
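To make the file-system comparison above concrete, here is an added example (not SophosLabs code, and not the logic behind Troj/Maldoc or Exp/1Table) that reads the OLE2 header and checks that the sector counts it declares fit inside the file. The field layout follows Microsoft's published compound file specification; the function names and the sample bytes are constructed for illustration.

```python
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
HEADER = struct.Struct("<8s16s5H6s9I")   # fixed 76 bytes; 109 DIFAT entries follow

def check_ole2_header(data):
    """Return (fields, problems) for the 512-byte OLE2 header at the start of data."""
    if len(data) < 512 or data[:8] != OLE2_MAGIC:
        return None, ["not an OLE2 file (too short or wrong signature)"]
    (_, _, _, major, byte_order, sec_shift, mini_shift, _,
     n_dir, n_fat, first_dir, _, cutoff, _, _, _, _) = HEADER.unpack_from(data)
    fields = {"major": major, "fat_sectors": n_fat, "first_dir_sector": first_dir}
    problems = []
    if byte_order != 0xFFFE:
        problems.append("byte-order mark is not 0xFFFE")
    if (major, sec_shift) not in ((3, 9), (4, 12)):
        problems.append(f"sector shift {sec_shift} does not match version {major}")
        return fields, problems           # sector size unknown, stop here
    sector_size = 1 << sec_shift
    total = len(data) // sector_size - 1  # sectors that follow the header sector
    fields.update(sector_size=sector_size, sectors_in_file=total)
    if mini_shift != 6 or cutoff != 0x1000:
        problems.append("mini-stream parameters are not the fixed values 6 / 4096")
    if major == 3 and n_dir != 0:
        problems.append("version 3 file declares directory sectors")
    # The FAT and the directory play the role of a file system's allocation
    # table and root directory; both must point inside the file.
    if n_fat > total:
        problems.append(f"{n_fat} FAT sectors declared, file holds {total}")
    if first_dir >= total:
        problems.append(f"directory starts at sector {first_dir}, past end of file")
    return fields, problems

def make_sample(n_fat=1, first_dir=1, sec_shift=9):
    """Constructed input: a header plus two empty 512-byte sectors, not a real document."""
    head = HEADER.pack(OLE2_MAGIC, bytes(16), 0x3E, 3, 0xFFFE, sec_shift, 6, bytes(6),
                       0, n_fat, first_dir, 0, 0x1000, 0xFFFFFFFE, 0, 0xFFFFFFFE, 0)
    difat = struct.pack("<109I", 0, *([0xFFFFFFFF] * 108))
    return head + difat + bytes(1024)

if __name__ == "__main__":
    for name, blob in [("consistent", make_sample()),
                       ("oversized counts", make_sample(n_fat=5000, first_dir=70000))]:
        print(name, check_ole2_header(blob)[1])
```

A header that passes these checks is only structurally consistent; the check says nothing about the streams stored inside the container.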