Yesterday I've spotted the following article on the digg frontpage: PacMan written entirely in Excel. On the page it linked too I've found two games written in Excel and VBA (Visual Basic for Applications – the stuff macro viruses are written in). What is interesting that as of the time of me writing this there is one and only one security related comment (toward the very end of the page) and even that is just complaining about the fact that it doesn't work for him, because his security levels are set too high. So is a little fun worth running arbitrary code on your machine? It seems that for many it is.
If you still feel the urge to open these files, at least do the following precautions:
- First try opening it in OpenOffice.org so if it an other 0-day for Excel, maybe it will crash OO / give a warning about the file being invalid (this is based on the fact that it's very hard to write exploits that work across different programs)
- Now set your macro security to high in Excel (Tools -> Options -> Security -> Macro Security) and open the file. Open the Visual Basic Editor (Alt + F11) and browse through the source code.
- If you didn't find any suspicious stuff, set the macro security back to medium, open the files, enable the macros and enjoy the game (hopefully you are not running as administrator).
The direct link to the files is:
- http://www1.plala.or.jp/chikada/vba/pac/pacelle.zip
- http://www1.plala.or.jp/chikada/vba/cellvader/cellvader_e.zip
The version which I've downloaded and look through seemed clean (disclaimer: I haven't done an in-depth analysis on them, so you should check for yourself). In case the archives get swapped out, the ones I've looked through have the hashes (courtesy of fileformat.info):
- Size 297640
MD5 08ffc69f00aa3704e98f62685a980f65
SHA-1 e6e2967c0c4c6e116e601765d02b84aace387a8f - Size 198209
MD5 14092473d3b60a602af67938653099cd
SHA-1 f0adc08f092684c04e4cd87dae8bd95b3f01bfc8
0 comments:
Post a Comment
You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.