Sudoku–Based Malware Puzzlingly Antiquated
If you like to play Sudoku on your computer, watch out: A Microsoft Excel-based Sudoku generator is infecting computers in order to collect and relay system information to a criminal's email address.
Peter Szabo from SophosLabs characterized the malware as a "blast from the past" because the exploit requires macros, application-specific scripts that in Excel allow users to create equations based on values in different columns and rows.
In the 1990s, when macro exploits were the bread and butter of cybercrime, Microsoft mitigated the problem by turning off Visual Basic, its scripting language, by default.
To get around that obstacle, the creators of this puzzling program "tip" users on how to turn Visual Basic back on. Once activated, the Sudoku generator works, but behind that, malicious Visual Basic-based scripts download data-stealing malware.
Once the bug has collected a machine's IP address, running processes, installed applications and a host of other details, it encodes and sends the information to an email address with an aol.com suffix.
It's unclear how the pernicious puzzle bug gets onto victims' computers in the first place, but users can avoid compromising their machines simply by not allowing Visual Basic to run.
There is no way to completely protect yourself when it comes to playing Sudoku online, so threats are best mitigated by solving brain teasers the old-fashioned way: on paper.
Follow Ben on Twitter @benkwx.