Would somebody tell me something about the MX97:CVE-2008-0081 trojan/exploit? We may have it hiding somewhere on my company’s file server. When a particular user here logs into another employee’s workstation, Avast complains about three occurrences of this trojan, apparently as his files are synchronizing to the local computer, as part of Windows’ “Offline Files” feature. Obviously, he’s banned from doing this again until the problem is sorted out.
I’m just beginning to investigate. MX97:CVE-2008-0081 initially uses an Excel security hole, and the files Avast has in its Virus Chest are definitely Excel files. The problem is that these files don’t match the size of anything on the server, and both bulk scans and manual scans of the files yield absolutely nothing. The server is using an up-to-date copy of Avast 4.8 Server Edition.
I’m trying to understand more about how this trojan hides and how it propagates. Maybe the answer is really simple, but so far I’m puzzled.
Thanks for any ideas,
Todd