Microsoft implicitly agreed last spring when it said that the Excel-based attack could not have worked on PCs running Office 2010, which automatically enables DEP.
Microsoft also published a security advisory shortly after RSA confirmed the attack, telling users that they could protect their PCs by switching on DEP in older versions of Office using the Enhanced Mitigation Experience Toolkit (EMET).
Instructions for switching on DEP in Windows XP SP2 and SP3 are available on Microsoft's website.
Researchers suspect that the RSA attack originated in China , based on the location of the malware's command-and-control (C&C) servers and other evidence.
RSA did not immediately reply to a request for comment or confirmation of Branco's analysis.
Sign up for Computerworld eNewsletters.