Excel-related virus revealed
January 5, 1999: 3:11 p.m. ET

Spreadsheet software function can be used to get at PC files, grab passwords
NEW YORK (CNNfn) - Web surfers with the Microsoft Excel spreadsheet software loaded on their PCs were warned Tuesday about a security "hole" that could allow a hacker to steal or destroy their files.
     Finjan Inc., a San Jose, Calif.-based Internet security software firm, said the so-called "Russian New Year" exploit utilizes two legitimate functions of the Excel program - HTML and a function known as CALL. Together, they allow a hacker to secretly plant malicious code on a computer when a surfer visits an otherwise innocuous-looking site.
     The security hole was described as one of the most serious in Internet history.
     "Prior viruses and other malicious attacks required some user participation," said A. Padgett Peterson, Lockheed-Martin Corp.'s corporate information security architect, in a statement released by Finjan. "This vulnerability is the first to allow a malicious outsider to take control of the local machine simply by the user visiting the Web site."
     With the code loaded onto the PC, Finjan said a hacker can then do such things as steal data and private files, grab passwords, attack a computer's security and even blow up the computer's built-in operating system, or BIOS.
     The security hole affects only users who have Excel 95 or 97 loaded on their computers. However, the program itself doesn't need to be running for a hacker to take advantage of it. All Microsoft Internet Explorer browser versions 3.x and 4.x are vulnerable to the hole, as are Netscape browser versions 3.x and 4.x except for Navigator 4.5.
     "The Russian New Year exploit is by far the most serious of the increasing number of mobile code exploits appearing in the last six months," said Bill Lyons, Finjan's president. "We cannot emphasize enough how important it is for anyone conducting electronic commerce to inspect all information coming into their company to look for these types of attacks before they cause damage."
     Computer owners whose Excel program is part of Microsoft Office 97 can install a patch available from the software publisher that eliminates the CALL function. Finjan is also including a way to block any embedded tags from HTML code as part of its SurfinGate blocking software.
     Microsoft, for its part, has indicated that it's aware of the security hole, as demonstrated by the availability of the patch since last month. It also indicated that it doesn't see the problem as being quite as serious as Finjan makes it out to be.
     "We haven't gotten a single customer inquiry on the issue yet," John Duncan, a product manager in Microsoft's Office group, is quoted by The Wall Street Journal as saying.
     Microsoft shares were up 6-1/8 to 147-1/8 in Tuesday afternoon trading.

