Feeds

MS Office virus could infect without you opening attachment

If your browser automatically executes a CALL function, then all sorts of horrid things may be possible

  • alert
  • submit to reddit

Seven Steps to Software Security

Israeli security outfit Finjan Software has warned of how a potentially serious Excel-related virus could spread and inflict damage without the recipient opening an email attachment. Finjan says that "All 3.x and 4.x versions of the Microsoft Internet Explorer Browsers and Netscape Navigator browsers 3.x and 4.x (except Navigator 4.5) are vulnerable, as well as all HTML-aware email applications such as Outlook 98." The virus in question is Russian New Year, which uses the Excel CALL function in Office 95 and Office 97. This allows external executables to be started from within a spreadsheet cell, without the user knowing it's happening. Finjan explains how this would work via a browser: "On a Web page, Web developers include services to various file content types from a server to a browser. Suppose the files end with .XLS extensions. Then it is likely that these files will be associated with the Excel program. In this case, the .XLS files transferred to a browser will be passed immediately and processed by the referenced application - in this case, Excel. When Excel is opened, it executes functions in the cells of the spreadsheet. If one of the functions has a maliciously coded CALL function then it is possible that the Excel spreadsheet can be used to copy an executable program to the hard disk and execute it." But that doesn't mean you have to physically open the link yourself. Vulnerable browsers and email programs can execute the CALL function automatically without the email actually being opened, therefore it seems conceivable that the infection could spread without users even noticing it was happening. Freelance writer Deborah Radcliff reported on this a few days ago in Computerworld, and she comes up with some possible consequences. A mass mail could be used to distribute the virus, which could be used for espionage purposes (suck data from your corporate rivals) or for sheer destruction, creating and writing data to the recipients' hard disks. She also suggests the possibility that the Melissa approach, where the virus apparently comes from a colleague or friend, could be used in conjunction with Russian New Year. According to Finjan, the solutions are convoluted, and not particularly attractive for people who use the CALL function frequently. You need to run Office 97 (there's no fix for 95) with service packs 1 and 2 installed and the Microsoft patch to disable the CALL function. If you're using IE 3.x, upgrade to 4.x and set the security level to highest. Navigator users should switch to 4.5. Our thanks to Windows 98 Central, a useful site for monitoring all things Windows-related, for drawing this one to our attention. ®

Boost IT visibility and business value

More from The Register

next story
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
Price cuts, new features coming for Office 365 small biz customers
New plans for companies with up to 300 staff to launch in fall
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.