[WinMac] Russian New Year Virus!
Michael Kulyk @ MACSPECTRUM (@)
Wed, 06 Jan 1999 09:46:24 -0500
Finjan Inc., the leader in Internet mobile code security, today alerted
the public to an
extremely dangerous security hole that could affect virtually
anyone surfing the Internet. Several security
experts and business analysts agree that the Russian New Year
exploitation is a new type of mobile code
attack that clearly illustrates the latent security threats on
the Internet and the importance of inspecting any
type of code that is downloaded onto your machine.
The genius of this attack is in taking two legitimate
functions when used separately, HTML and the
"CALL" function available in Microsoft Excel 95 and 97 and
combining them into an attack that can be
extremely malicious and damaging. With this combination, an
attacker could steal or copy innocent
Internet users private files without their knowledge. Excel
doesn't have to be running to execute this
exploit; it simply has to be installed on the PC.
To Protect Against the Russian New Year Attack:
Finjan recommends the following actions to protect yourself
and your company against the Russian New
Year Attack:
Install or upgrade to Microsoft's Office 97 and install
Service Release 1 and then install Service Release
2 plus patch to disable the 'call function'
If using Internet Explorer's versions 3.x, upgrade to 4.x, and
adjust the security setting on the browser
to the highest level
If using Internet Explorer's version 4.x adjust the security
settings on the browser to high.
If using a Netscape's Navigator browser, install or upgrade to
Navigator 4.5
For licensed Finjan SurfinGate users who are using Netscape
Navigator as their default browser, set the
SurfinGate policy to "Block All Plugins" This will remove all
<embed> tags from the HTML code.
Or, for licensed customers using Microsoft's Internet Explorer
or those Netscape Navigator users
who do not want entire blocking of all plug-ins:
Download an updated version of SurfinGate at
http://www.finjan.com/rny/rny2.cfm. This
version includes a patch file with enhanced HTML
scanning features that allow users to list a
variety of file types that can be blocked.
If you are not a licensed SurfinGate customer:
Immediately download a fully functional 30-day
evaluation copy of SurfinGate from the Finjan
Software Products Web page at
http://www.finjan.com/rny/rny2.cfm. If you have desktops
connected to the Internet, consider purchasing licensed
copies of SurfinGate for protection
beyond the 30-day time period.
For individual consumers or small businesses, Finjan is
providing a free copy of Finjan's SurfinTest that
will block the known versions of the Russian New Year
exploitation.
IN ALL INSTANCES, FINJAN STRONGLY RECOMMENDS THAT EVERYONE
USING THE
INTERNET UTILIZE A MULTIPLE LINES OF DEFENSE APPROACH.
CONSIDER USING
SEVERAL OF THESE APPROACHES TO IMPROVE YOUR SECURITY.
--
Michael Kulyk
MACSPECTRUM
(416) 236-5585
(416) 236-5586 (fax)
http://www.macspectrum.com/
"My God, it's full of stars!"
* Windows-MacOS Cooperation List *
* FAQ: <http://www.darryl.com/winmacfaq/> *
* Archives: <http://www.darryl.com/winmac/> *
* Subscribe: <mailto:winmac-on@xerxes.frit.utexas.edu> *
* Subscribe Digest: <mailto:winmac-digest@xerxes.frit.utexas.edu> *
* Unsubscribe: <mailto:winmac-off@xerxes.frit.utexas.edu> *
This archive was generated by hypermail 2.0b2
on Wed Jan 06 1999 - 06:50:07 PST
|