Web Bugs in native Excel .xlsx files

I had a previous blog post about using the Web Bug Server and Web Bug Documents from the ADHD Distro to conduct an internal phishing campaign (for reporting on who was opening attachments only…nothing really fancy).  I was toying with Excel today, and found I was able to get an Excel file to check in to the Web Bug Server using the method described below…

The following applies to Excel 2010, and the file saved as an xlsx file.  I don’t know if the same applies to newer or older versions of Excel.  I’m assuming it does, but the steps might be slightly different.

Create a new Excel file, and Click the “Data” Tab

Click the “From Web” button, and then enter your Web Bug Server URL into the Address field.  I specified “type=xls” in the url to indicate that my Excel file phoned home to the Web Bug Server.

Click Go, then the little arrow icon in the screenshot below, and then Import

This will result in a cell that looks like this, and you can right-click and Edit Query to see the full URL

Next, go to the “Data” tab, click the down-arrow on the “Refresh All” button and select “Connection Properties…”

On the Connection Properties window, check the box that says “Refresh data when opening the file”.

Now, every time you open the file you should see this message on the bottom of the Excel window, and you will get a new hit on your Web Bug Server with type “xls” every time the Excel file is opened.

Edit: there is 1 caveat here.  When you open the file on a computer for the first time, Excel is going to prompt you with a Security Warning that says “Data connections have been disabled”, and give you the option to Enable them.

Some people may not click on the “Enable Content” button.  But entering some text in the spreadsheet to try to entice them to click it might be all it takes.  Something like “Please click the “Enable Content” button above to view {whatever your target is interested in seeing}.”  As soon as that button is clicked, the file hits the Web Bug Server.