Excel Email Virus Damage Control

mr_zen256

Hi all - A work colleague has inadvertently opened a malicious Excel email document and I am trying to gauge what kind of damage may have been caused and any further measures we need to take. The colleague has already had a good grilling and a crash course in email security 101.

When they opened the file, Excel listed documents and files on the person's PC. I didn't get a chance to see this document while it was open so am unable to elaborate on that further.

We have scanned the file locally with Malwarebytes and it didn't report any threats. When uploading the document to virustotal.com, only 1 of 59 engines reported a threat: "UDS: DangerousObject.Multi.Generic".

Any suggestions on how to determine what data / info may have been breached?
 
Pull the drive and then put it into a machine that is isolated from the network so you can do some testing without worry.
 
If you have an edge security device, pull logs and see if that workstation sent data offsite. If data was sent out of the building, depending on the data on that person's PC, you may have to file a data breach report with the local authorities and contact your insurance company about setting up identity monitoring services for customers whose data was sent out.

If you got lucky and nothing left the building, count your blessings and then ask why the email scanner didn't pick up and terminate the malicious document.
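
Added example, not part of the thread: one way to run the edge-log check suggested above, totalling what a single workstation sent to external addresses after the attachment was opened. The CSV column names, IP addresses, timestamps and internal ranges are all constructed assumptions; map them to whatever your firewall or proxy actually exports.

```python
import csv
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumption: the site's internal address space; adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export (hypothetical columns, documentation-range IPs).
SAMPLE_LOG = """\
time,src_ip,dst_ip,dst_port,bytes_out,action
2024-01-15T09:58:10,10.0.5.23,203.0.113.40,443,1800,allow
2024-01-15T10:02:31,10.0.5.23,10.0.1.10,445,52000,allow
2024-01-15T10:03:02,10.0.5.23,198.51.100.7,80,640,allow
2024-01-15T10:03:05,10.0.5.23,198.51.100.7,80,4200000,allow
2024-01-15T10:04:11,10.0.5.23,203.0.113.40,443,900,deny
2024-01-15T10:05:40,10.0.7.99,198.51.100.7,80,300,allow
2024-01-15T10:06:00,10.0.5.23,203.0.113.40,443,2500,allow
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def outbound_summary(log_text, workstation_ip, opened_at):
    """Total allowed bytes sent by one workstation to each external
    destination at or after the time the attachment was opened."""
    totals = defaultdict(lambda: {"bytes": 0, "connections": 0})
    for row in csv.DictReader(log_text.splitlines()):
        if row["src_ip"] != workstation_ip or row["action"] != "allow":
            continue  # other hosts, and traffic the device blocked
        if datetime.fromisoformat(row["time"]) < opened_at:
            continue  # before the document was opened
        if is_internal(row["dst_ip"]):
            continue  # internal traffic never left the building
        entry = totals[(row["dst_ip"], int(row["dst_port"]))]
        entry["bytes"] += int(row["bytes_out"])
        entry["connections"] += 1
    # Largest senders first: these are the destinations to investigate.
    return sorted(((dst, port, e["bytes"], e["connections"])
                   for (dst, port), e in totals.items()),
                  key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    opened = datetime(2024, 1, 15, 10, 0, 0)
    for dst, port, sent, conns in outbound_summary(SAMPLE_LOG, "10.0.5.23", opened):
        print(f"{dst}:{port}  {sent} bytes in {conns} connection(s)")
```

An empty result for the window after the file was opened supports the "nothing left the building" case; a large total to an unfamiliar destination is what would drive the breach-report decision.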
 
After further investigation, it looks like the Excel script was a downloader. Thankfully the script was not triggered so no malware was able to infect the workstation. I would like to think that Malwarebytes would have blocked it if it had managed to run.

Definitely a close shave.
 