[WinMac] Russian New Year Virus!


Michael Kulyk @ MACSPECTRUM
Wed, 06 Jan 1999 09:46:24 -0500


Finjan Inc., the leader in Internet mobile code security, today alerted the public to an extremely dangerous security hole that could affect virtually anyone surfing the Internet. Several security experts and business analysts agree that the Russian New Year exploitation is a new type of mobile code attack that clearly illustrates the latent security threats on the Internet and the importance of inspecting any type of code that is downloaded onto your machine.

The genius of this attack is in taking two functions that are legitimate when used separately, HTML and the "CALL" function available in Microsoft Excel 95 and 97, and combining them into an attack that can be extremely malicious and damaging. With this combination, an attacker could steal or copy innocent Internet users' private files without their knowledge. Excel doesn't have to be running to execute this exploit; it simply has to be installed on the PC.

To Protect Against the Russian New Year Attack:

Finjan recommends the following actions to protect yourself and your company against the Russian New Year Attack:

Install or upgrade to Microsoft's Office 97 and install Service Release 1 and then install Service Release 2 plus patch to disable the 'call function'.

If using Internet Explorer version 3.x, upgrade to 4.x, and adjust the security setting on the browser to the highest level.

If using Internet Explorer version 4.x, adjust the security settings on the browser to high.

If using Netscape's Navigator browser, install or upgrade to Navigator 4.5.

For licensed Finjan SurfinGate users who are using Netscape Navigator as their default browser, set the SurfinGate policy to "Block All Plugins". This will remove all <embed> tags from the HTML code.

Or, for licensed customers using Microsoft's Internet Explorer or those Netscape Navigator users who do not want entire blocking of all plug-ins:

    Download an updated version of SurfinGate at http://www.finjan.com/rny/rny2.cfm. This version includes a patch file with enhanced HTML scanning features that allow users to list a variety of file types that can be blocked.

    If you are not a licensed SurfinGate customer:

    Immediately download a fully functional 30-day evaluation copy of SurfinGate from the Finjan Software Products Web page at http://www.finjan.com/rny/rny2.cfm. If you have desktops connected to the Internet, consider purchasing licensed copies of SurfinGate for protection beyond the 30-day time period.

For individual consumers or small businesses, Finjan is providing a free copy of Finjan's SurfinTest that will block the known versions of the Russian New Year exploitation.

IN ALL INSTANCES, FINJAN STRONGLY RECOMMENDS THAT EVERYONE USING THE INTERNET UTILIZE A MULTIPLE LINES OF DEFENSE APPROACH. CONSIDER USING SEVERAL OF THESE APPROACHES TO IMPROVE YOUR SECURITY.

--
Michael Kulyk
MACSPECTRUM
(416) 236-5585
(416) 236-5586 (fax)
http://www.macspectrum.com/

"My God, it's full of stars!"




This archive was generated by hypermail 2.0b2 on Wed Jan 06 1999 - 06:50:07 PST