
Successfully fend off text-based CSV injection attacks

Author: Micha Pekrul, SaaS Platform Manager (https://www.linkedin.com/in/micha-pekrul/)

Currently, criminals are trying to install malware via text-based CSV files. This was reported this week by security researcher Chris Campbell and the US magazine BleepingComputer. The phishing wave is also known as “CSV Injection”.

04.02.2022 | last modified: 04.04.2024

Dynamic Data Exchange enables attacks

Dynamic Data Exchange (DDE), a feature of Microsoft Excel, the application with which CSV files are usually associated, makes this approach possible. Microsoft released security enhancements as defense-in-depth measures for Excel in a January 2022 update. Earlier updates, such as in 2018, added controls that allow DDE to be configured in Excel. With the January update, Microsoft disabled DDE in all supported versions of Excel.

CSV Injection - Excel with calc.exe spawned

For a CSV file in Microsoft Excel to start a program like “calc.exe” via DDE at all, the “DDE server start” option in the Trust Center must be re-enabled on a fully patched system. As with documents that contain macros, the corresponding warning prompts must also be confirmed.

If you have not dealt with DDE in Microsoft Excel before, now is a good time to take a closer look at this potential threat. For most companies, it should be enough to disable this little-known functionality and roll out the new update.

How to protect yourself from CSV injection attacks with NoSpamProxy

CSV Injection Contentfilter

NoSpamProxy recognizes a CSV file as file type “Plain text”.

If CSV files prepared with DDE functionality are sent as attachments via NoSpamProxy, they are correctly recognized as file type “Plain text”. To filter them in the content filter, you must therefore use an AND condition that combines file type “Plain text” with file name “*.csv”.

CSV Injection Contentfilter Configuration

An AND condition filters on CSV files.

Now you can adjust the content filter according to your own needs. If CSV files are not needed at all in the company, you can reject the email completely. Or you can make a decision with the help of the level-of-trust filter, which distinguishes between trusted and untrusted communication partners. If you have licensed “Large Files”, you can also detach a CSV file from the email for security purposes, upload the attachment to the Web Portal and have it released there if required.

Since the end of 2018, we have been advocating the so-called “email firewall”. We recommend prohibiting all files and only selectively, as with a firewall, allowing the individual formats that are required. So if in doubt, do not accept CSV files for the time being.
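The filter logic described above, sketched as an added example in Python (not NoSpamProxy code or configuration): an attachment matches only if it is plain text AND named “*.csv”, and the action then depends on the trust in the sender. The plain-text check, the action names and the per-cell formula scan are assumptions for illustration; the scan goes beyond what this page describes, and the sample message is constructed.

```python
import csv, io
from email.message import EmailMessage
from fnmatch import fnmatch

FORMULA_PREFIXES = ("=", "+", "-", "@")  # leading characters a spreadsheet evaluates

def is_plain_text(data):
    """Assumed stand-in for content-based detection: UTF-8 text without NUL bytes."""
    try:
        return b"\x00" not in data and data.decode("utf-8") is not None
    except UnicodeDecodeError:
        return False

def is_number(cell):
    try:
        float(cell)
        return True
    except ValueError:
        return False

def formula_cells(data):
    """Return (row, column, value) for cells that would be evaluated as formulas."""
    rows = csv.reader(io.StringIO(data.decode("utf-8")))
    return [(r, c, cell) for r, row in enumerate(rows, 1)
            for c, cell in enumerate(row, 1)
            if cell.lstrip().startswith(FORMULA_PREFIXES) and not is_number(cell)]

def decide(msg, sender_trusted):
    """Per attachment: match on plain text AND *.csv, then choose an action."""
    decisions = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not (is_plain_text(data) and fnmatch(name.lower(), "*.csv")):
            decisions[name] = "no match"            # left to other rules
        elif formula_cells(data):
            decisions[name] = "reject"
        elif sender_trusted:
            decisions[name] = "deliver"
        else:
            decisions[name] = "detach and hold"     # release on request
    return decisions

def sample_message():
    """Constructed sample: a clean CSV, a CSV with a formula cell, a text file."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "Export"
    msg.set_content("See attachments.")
    for name, body in [("orders.csv", "id,amount\n1,20\n2,-5\n"),
                       ("prices.csv", "item,price\nwidget,=1+1\n"),
                       ("notes.txt", "=not a csv\n")]:
        msg.add_attachment(body, filename=name)
    return msg
```

Negative numbers such as `-5` are excluded from the formula scan so that ordinary exports are not rejected; values like phone numbers with a leading `+` would still be flagged and need a policy decision.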

Not yet using NoSpamProxy?

With NoSpamProxy you reliably protect your company against cyber attacks. Request your free trial version now!
