[Warning] Malicious file using an Excel exploit targets South Korean users

1. Introduction

Recently, a malicious file that targets South Korean users with an Excel exploit has been found.
Although both the sender and the receiver of this e-mail are South Korean, the sender account appears to be fraudulent.
Because the Excel file attached to this e-mail contains ordinary Excel contents, it is difficult for general users to tell that it is malicious.
Targeted attacks of this kind are sophisticated and persistent, so general users need to be careful when downloading attachments.

2. Spreading path and symptoms of infection

This malicious file targets South Korean users and is disguised as a normal e-mail with an attachment. It contains ordinary Excel contents and performs additional malicious behavior when executed.

The following is the body of the e-mail.

Mail body: We are attaching contacts. Thanks.

The attachment "주소록.xls(Contacts.xls)" exploits an Excel vulnerability.
If a victim opens the file, an additional malicious file is downloaded.

When "주소록.xls(Contacts.xls)" is opened, the victim sees normal address book contents, but the Excel exploit downloads an additional malicious file.

Targeted attacks of this kind usually rely on social engineering, using important or relevant content to lure the user. An additional "주소록.xls(Contacts.xls)" is downloaded and the malicious files (tasksger.exe, 6to4vcs.dll) are installed.

C:\Documents and Settings\(User Account)\Local Settings\Temp\주소록.xls (Normal file)
C:\Documents and Settings\(User Account)\Local Settings\Temp\tasksger.exe (Malicious file)
C:\WINDOWS\system32\6to4vcs.dll (Malicious file)
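
A sweep for the three file paths listed above, as an added example that is not part of the original advisory. It can be pointed at a live system drive or at the root of a mounted disk image; the function names, the `root` parameter and the directory tree built in `demo()` are assumptions made for illustration.

```python
import tempfile
import unicodedata
from pathlib import Path

# File indicators copied from the advisory; "*" stands for "(User Account)".
INDICATORS = [
    ("Documents and Settings/*/Local Settings/Temp/tasksger.exe", "malicious"),
    ("WINDOWS/system32/6to4vcs.dll", "malicious"),
    ("Documents and Settings/*/Local Settings/Temp/주소록.xls", "normal"),
]

def _norm(name):
    # NTFS names are case-insensitive; normalise Unicode so Hangul compares equal.
    return unicodedata.normalize("NFC", name).casefold()

def _resolve(base, parts):
    """Walk `parts` under `base`, ignoring case and expanding "*" to any entry."""
    if not parts:
        return [base] if base.is_file() else []
    try:
        entries = list(base.iterdir())
    except OSError:  # not a directory, missing, or unreadable
        return []
    return [hit for e in entries
            if parts[0] == "*" or _norm(e.name) == _norm(parts[0])
            for hit in _resolve(e, parts[1:])]

def sweep(root):
    """Return sorted (relative path, label) pairs for indicators under `root`."""
    root = Path(root)
    return sorted((hit.relative_to(root).as_posix(), label)
                  for pattern, label in INDICATORS
                  for hit in _resolve(root, pattern.split("/")))

def demo():
    """Build a constructed tree (one affected user, one clean) and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("Documents and Settings/alice/Local Settings/Temp/TASKSGER.EXE",
                    "Documents and Settings/alice/Local Settings/Temp/주소록.xls",
                    "Documents and Settings/bob/Local Settings/Temp/report.xls",
                    "WINDOWS/system32/6to4vcs.dll"):
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")  # empty placeholder, not a real sample
        return sweep(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit on the "normal" entry alone is weak evidence, since any user may have a file with that name; it matters when it appears in Temp alongside one of the two malicious files.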

3. How to prevent

Applying the latest patches for the application and the OS is the most important step in avoiding this kind of malicious file.
To keep a PC safe from the security threat posed by such malicious attachments, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated, and keep the real-time detection function turned "ON".
3. Do not open or download attachments from suspicious e-mail.
4. Be cautious with links received through instant messengers and SNS.
5. Scan downloaded files with anti-virus software before executing them.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above through "nProtect Anti-Virus/Spyware", and operates a response system against various security threats.

Diagnosis name

- Trojan-Exploit/W32.Agent.632832
- Trojan/W32.Agent.9728.MV
- Trojan/W32.Agent.19968.PU

