By Lee Bruno,
There's word this week of a Web-based attack with which cyberthugs can load malicious code onto a PC without the user knowing. It's called the Russian New Year attack, and anyone with a browser and using Excel or Office 95 from Microsoft is at risk.
Here's how it works: A cyberthug sends an e-mail message with a Web-page attachment or pointer to a website in which the offending code is embedded. Once the user clicks on it, the code can insert itself onto the desktop by using the call function in Excel and Word, according to Finjan, in Santa Clara, Calif. The call function divides websites into sections known as frames and is widely used on Wall Street to capture data from financial applications.
Finjan recommends network managers install or upgrade desktop systems running Microsoft's Office 95 and 97 with Service Release 1 and then install Service Release 2, plus a patch to eliminate the call function (the software is available at http://officeupdate.microsoft.com/downloadDetails/xl97cfp.html).
For desktops running Internet Explorer version 4.x, users need to adjust security to the highest level; users of Navigator browsers from Netscape, in Mountain View, Calif., should install or upgrade to Navigator 4.5.
Try TechWeb's RSS Feed!Assurant Health seeking Siebel Solution Delivery Lead in Milwaukee, WI
Rho Trading Securities seeking Network and Systems Technician in Chicago, IL
JK Group, Inc. seeking Programmer / Analyst in Plainsboro, NJ
Sibley Memorial Hospital seeking Chief Information Officer in Washington, DC
Lowe's seeking DC Systems Technician II in Pittston, PA
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
