Not-Really-Password-Protected Evasion Technique Resurfaces

Today we came across an e-mail with an Excel Workbook attachment, which upon first inspection appears to be password-protected. The presence of the EncryptedPackage stream in an OLE2 document indicates that it is protected by a password, which obviously would require the user to enter one in order to open the document properly. Or at least that’s what the bad guys would like email or AV scanners to think.

Article Link: http://feedproxy.google.com/~r/cyren/pnbj/~3/p3x5l5fhFDU/not-really-password-protected-evasion-technique-resurfaces