Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Russian New Year


Aliases:


Russian New Year

Malware

W32

Summary

There is no virus by this name. However, there is a well-known security hole in Windows and MS Excel which is known by this name.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

This vulnerability, related to the CALL function of Excel, allows an attacker to send an HTML e-mail or modify a HTML web page so that when accessed, the HTML page will automatically launch Excel and use that to run any program. This allows the attacker to do pretty much anything he wants on the host machine.

This attack is not widespread and no real-world incidents have been reported.

The problem has been partially solved by Microsoft by releasing patch for Excel 97 (this patch will disable the CALL command completely). Excel 95 can't be protected by this time.

Netscape and Internet Explorer can also be secured against this attack by updating to the latest version with latest patches. This does not prevent some attacks through HTML e-mail though.

F-Secure Anti-Virus detects Excel files with embedded harmful CALL commands and will protect the user against this type of attack.

[By Mikko Hypponen, F-Secure]







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.