HACKERS WEAPONIZE LITTLE-KNOWN .IQY EXCEL SCRIPTS

June 17, 2018

Windows and its Office progeny may be approaching middle age, but like mischievous teens, they always seem to be up to something new – or, rather, the hackers that have specialized in breaking through PC defenses are always finding new things to exploit. The latest exploit is based on a little-known (until now) file format, called .IQY – Internet Query Files, which work with Excelto download content from the web and insert it into the worksheet.

IQY file icon on
Windows platforms

.IQY files are very small text files, and generally are used to insert data or text into an Excel spreadsheet from a remote source. Until now they have not been used in malware attacks – so AV programs have generally ignored them. This has given hackers an opportunity to pull off a major campaign, injecting DDE commands into Excel spreadsheets – bypassing active defenses and security solutions.

Those commands, true to their name, contact a malicious web server that installs a RAT, a remote administration tool called FlawedAmmyy that hackers can use to control a system. The .IQY files are embedded in spam e-mail distributed by the Necurs botnet, best known for distributing the Locky ransomware tool. The attack was first noticed on May 25th, according to IBM X-Force Exchange, when Necurs sent out tens of thousands of spam messages containing the poison .IQY files, as an attachment.

To protect themselves, users should have Office Protected View up and running, which will block the .IQY file from injecting the malware, unless the user approves. In addition, users should make a note of documents asking for their approval to “update data within the spreadsheet” that, too, can be a sure sign that the new .IQY attack has reached them. As usual, vigilance is the best defense to ensure online safety.

 

Votiro customers are protected from this kind of attack as Votiro’s Disarmer handles IQY files with ease. Have a free test of our capabilities here.

Close

Pick What Works for You

Get a Free Trial
Try our protection services
for 30 days. No commitment.

Schedule a Demo
Let us know when and we’ll
set up the full experience
Schedule a Demo

Let’s Talk!
We would love to
hear from you

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Privacy policy

Let’s Start

Secure Your Digital Journey