Allowing #XLSM and #XLSB files? Stop it to save your infra

XLS Jun 29, 2020

I understand that companies always have legacy systems running. But are you permitting the XLSM and XLSB file types? #STOP it as fast as possible!

The following images are from a malware packer, possibly related to the latest #Zloader and other infections.

Credit @DissectMalware

From the second screenshot it is clear that XLSM and XLSB files are always fully undetectable (FUD) by antivirus products, and that it is easy to evade all the other detection measures, as we have already seen in multiple variants.

Better safe than sorry!
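One way to enforce such a block at a mail or upload gateway, as an added example that is not part of the original post: it decides by package content as well as by extension, so an XLSM or XLSB file renamed to `.xlsx` is still caught. The function names and the sample packages are constructed for illustration.

```python
import io
import zipfile

# Workbook content types (lower-cased) that identify XLSM and XLSB packages.
BLOCKED_TYPES = {
    "application/vnd.ms-excel.sheet.macroenabled.main+xml": "xlsm",
    "application/vnd.ms-excel.sheet.binary.macroenabled.main": "xlsb",
}
BLOCKED_EXTENSIONS = (".xlsm", ".xlsb")
XLSX_TYPE = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"


def classify(data: bytes) -> str:
    """Return 'xlsm', 'xlsb' or 'other' from the package content, not the name."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            parts = {n.lower(): n for n in pkg.namelist()}
            ct_name = parts.get("[content_types].xml")
            raw = pkg.read(ct_name) if ct_name else b""
    except zipfile.BadZipFile:
        return "other"  # not a ZIP container, so not an OOXML workbook
    declared = raw.decode("utf-8", "replace").lower()
    for content_type, kind in BLOCKED_TYPES.items():
        if content_type in declared:
            return kind
    # Fall back to part names in case the declared type was altered.
    if "xl/workbook.bin" in parts:
        return "xlsb"
    if "xl/vbaproject.bin" in parts or any(n.startswith("xl/macrosheets/") for n in parts):
        return "xlsm"
    return "other"


def should_block(filename: str, data: bytes) -> bool:
    """Block on the extension or on what the package actually contains."""
    return filename.lower().endswith(BLOCKED_EXTENSIONS) or classify(data) != "other"


def make_sample(content_type: str, extra_parts=()) -> bytes:
    """Constructed sample: a minimal ZIP declaring one workbook content type."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/xl/workbook.xml" ContentType="{content_type}"/></Types>')
        for part in extra_parts:
            z.writestr(part, b"")
    return buf.getvalue()
```
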
