[Tired of typin[[www.rei.com is an IBM e-business. Click here.].] Click Here www.rei.com is an IBM e-business. Click here. --------------------------------------------------------------------------- [CNNin] [COMPUTING] MAIN PAGE ---------------------------------------------------------- WORLD [Hackers - Insurgency on the Internet] U.S. Main Page | Bracing for Cyberwar | Hacking Primer | LOCAL Scenes from the 'Hacker Underground' | Hacking: Two Viewpoints | Timeline | Gallery | News Archive | POLITICS Discussion | Related Sites WEATHER BUSINESS From... SPORTS [Computerworld] SCI-TEC[Image] computing E-mail doesn't have to be opened to release virus personal May 13, 1999 [virus graphic] technology Web posted at: 12:13 p.m. EDT (1613 GMT) space NATURE by Deborah Radcliff ENTERTAINMENT (IDG) -- "Suppose it's possible to send an e-mail BOOKS containing a hidden construct," said an information TRAVEL security director. "And when the user opens that e-mail, FOOD the construct will run without the user ever knowing HEALTH anything." STYLE Imagine those constructs can do anything their creator IN-DEPTH wants them to: Secretly copy and download proprietary ---------------- information, delete the BIOS or reformat your machine. custom news It's real. The security director, who asked for Headline News anonymity, was talking about Russian New Year with a brief twist. daily almanac CNN networks Discovered in January, Russian New Year exploits the CNN programs Microsoft Excel CALL functions used to call other Excel functions such as create, write, close, execute and sum. on-air transcripts So what's the twist? Originally, the only way to contract news quiz the virus was to visit a Web page and click an HTML link. Now, Russian New Year can be sent via mass mail programs, CNN WEB with the link embedded or as an attachment. Newer browser SITES: programs will automatically execute CALL to fetch the [CNN Websites] embedded document or prepare to open the attachment -- so the e-mail recipient needn't even open the e-mail to get infected. PATHFINDER MORE COMPUTING SITES: "Russian New Year is a way of INTELLIGENCE attacking you without you knowing you've been attacked. It really IDG.net home MORE SERVICES: does this," said Ira Winkler, [IDG.net] page video on president of Severna Park, demand Md.-based Information Security Computerworld's home video archive Advisors Group and author of page audio on Corporate Espionage (Prima Computerworld Year demand Publishing, 1997). 2000 resource center news email The good news: There are no known Computerworld's services reports of Russian New Year online subscription free email attacks on enterprises. And center accounts that's why most folks just don't Reviews & in-depth desktop want to talk about it -- they're info at IDG.net headlines afraid of letting the cat out of IDG.net's personal pointcast the bag. "If Russian New Year news page wasn't publicized, people might pagenet not exploit it. On the other Year 2000 World hand, there are a lot of users DISCUSSION: who are vulnerable," Winkler Questions about message boards said. computers? Let IDG.net's editors help chat you Now the bad news. The hack is so feedback subtle, it's likely that if they Subscribe to have been hit, security IDG.net's free daily SITE GUIDES: administrators don't know it. newsletter for IT help Excel spreadsheets, for example, leaders contents could be easily and secretly Search IDG.net in 12 copied to a browser, according to search an April 17 alert issued by languages Finjan Software Ltd., an News Radio FASTER ACCESS: Israel-based maker of mobile code europe security software [*] Computerworld Minute japan (www.finjan.com/rny/rny1.cfm). Fusion audio Sneak attack [*] primers WEB SERVICES: [Image] Under certain conditions, users wouldn't have to manually open HTML attachments or click on embedded links to let the [bn.com] attack in. "Russian New Year gives attackers the ability to deliver [Image] any payload they want," said Penny Leavy, Finjan's senior vice president of global marketing. "Your antivirus software won't catch this. Your firewall won't catch this." [Image] [Hackers] More bad news: The attack is * Bracing for difficult to prevent. Microsoft Corp. Cyberwar has patches, but only for Excel 97. * Hacking Primer If your users are running Excel 95, * Scenes from the you must first upgrade them to Office 'Hacker 97, then load service releases 1 and Underground' 2, then load the patch -- which * Hacking: Two pretty much kills the CALL function Viewpoints altogether. * Timeline * Gallery "Until vendors configure Web browsers * News Archive to not allow embedded Excel CALL * Discussion functions, this problem really can't be fixed unless you cancel your Excel CALL functions," Winkler said. Unfortunately, "some people ... use the CALL function all the time," he added. Financial services firms, for example, rely on CALL to import data from their enterprise resource planning software databases into spreadsheets, Leavy said. The simplest fix is education. Remind users not to open HTML attachments or click embedded links in e-mail files unless they explicitly trust the source, Winkler said. But there's another possible diabolical twist, he adds: If New Year is teamed up with the mass-mailing technology behind the recent Melissa virus, the e-mail will appear to come from a trusted source. Leavy suggests raising browser-security levels and configuring dialog boxes to send alerts when a program or a Web site is set to call other functions. Because there's no simple way to block Russian New Year, Winkler advises information technology managers to ask, "Is the benefit of using CALL functions worth more than the potential risk of using them?" Radcliff is a freelance writer in the San Francisco area. Her Internet address is derad@aol.com. ---------------------------------------------------------- SPECIAL: Insurgency on the Internet ---------------------------------------------------------- RELATED STORIES: White House Web site back online May 12, 1999 DOD overhauls network to thwart hackers May 4, 1999 Chernobyl virus wreaks havoc in parts of Asia April 27, 1999 ---------------------------------------------------------- RELATED IDG.net STORIES: Disgruntled employees: The newest kind of hacker (Computerworld) NATO reinforces against Net attacks from Serbs (Computerworld) Y2K may mask hacker attacks (Computerworld) Why Melissa virus was good for IT (Computerworld) Cyberterrorism is a serious threat (Computerworld) Note: Pages will open in a new browser window External sites are not endorsed by CNN Interactive. ---------------------------------------------------------- RELATED SITES: Finjan Software: Russian New Year Attack Note: Pages will open in a new browser window External sites are not endorsed by CNN Interactive. LATEST HEADLINES: WORLD: NATO dismisses reports of Yugoslav troop withdrawals Duma opens Yeltsin impeachment debate Netanyahu stumps among core supporters as vote nears US: Reno defends computer-search caution in spy case Justice Department sues American Airlines for allegedly trying to monopolize traffic at Dallas-Fort Worth Detective cross-examined in N.Y. torture trial SCI TECH: E-mail doesn't have to be opened to release virus ENTERTAINMENT: 'Star Wars' fans jam theater lines, phone lines for tickets SPORTS: Golf legend Gene Sarazen dead at 97 Rafter pounds Agassi at Italian Open; Kafelnikov upset BUSINESS: DOJ clips American Air Cleveland Indians for sale Mortgage rates up again ------------------------------------ [Image] Launch CNN's Desktop Ticker and get the latest news, delivered right on your desktop! Today on CNN SEARCH CNN.com Enter keyword(s) go help --------------------------------------------------------------------------- Back to the top © 1999 Cable News Network. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines.