Excel-related virus revealed
January 5, 1999: 3:11 p.m. ET

Spreadsheet software function can be used to get at PC files, grab passwords
NEW YORK (CNNfn) - Web surfers with the Microsoft Excel spreadsheet software loaded on their PCs were warned Tuesday about a security "hole" that could allow a hacker to steal or destroy their files.
     Finjan Inc., a San Jose, Calif.-based Internet security software firm, said the so-called "Russian New Year" exploit utilizes two legitimate functions of the Excel program - HTML and a function known as CALL. Together, they allow a hacker to secretly plant malicious code on a computer when a surfer visits an otherwise innocuous-looking site.
     The security hole was described as one of the most serious in Internet history.
     "Prior viruses and other malicious attacks required some user participation," said A. Padgett Peterson, Lockheed-Martin Corp.'s corporate information security architect, in a statement released by Finjan. "This vulnerability is the first to allow a malicious outsider to take control of the local machine simply by the user visiting the Web site."
     With the code loaded onto the PC, Finjan said a hacker can then do such things as steal data and private files, grab passwords, attack a computer's security and even blow up the computer's built-in operating system, or BIOS.
     The security hole affects only users who have Excel 95 or 97 loaded on their computers. However, the program itself doesn't need to be running for a hacker to take advantage of it. All Microsoft Internet Explorer browser versions 3.x and 4.x are vulnerable to the hole, as are Netscape browser versions 3.x and 4.x except for Navigator 4.5.
     "The Russian New Year exploit is by far the most serious of the increasing number of mobile code exploits appearing in the last six months," said Bill Lyons, Finjan's president. "We cannot emphasize enough how important it is for anyone conducting electronic commerce to inspect all information coming into their company to look for these types of attacks before they cause damage."
     Computer owners whose Excel program is part of Microsoft Office 97 can install a patch available from the software publisher that eliminates the CALL function. Finjan is also including a way to block any embedded tags from HTML code as part of its SurfinGate blocking software.
     Microsoft, for its part, has indicated that it's aware of the security hole, as demonstrated by the availability of the patch since last month. It also indicated that it doesn't see the problem as being quite as serious as Finjan makes it out to be.
     "We haven't gotten a single customer inquiry on the issue yet," John Duncan, a product manager in Microsoft's Office group, is quoted by The Wall Street Journal as saying.
     Microsoft shares were up 6-1/8 to 147-1/8 in Tuesday afternoon trading.

  RELATED STORIES

MCI hit by computer virus - Dec. 21, 1998

E-mail treachery may loom - July 30, 1998

  RELATED SITES

Finjan

Microsoft



Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.
