Russian New Year with a twist

"Suppose it_s possible to send an e-mail containing a hidden construct," said an information security director. "And when the user opens that e-mail, the construct will run without the user ever knowing anything." Imagine those constructs can do anything their creator wants them to: Secretly copy and download proprietary information, delete the BIOS or reformat your machine. The security director, who asked for anonymity, was talking about Russian New Year with a twist. Discovered in January, Russian New Year exploits the Microsoft Excel CALL functions used to call other Excel functions such as create, write, close, execute and sum. Originally, the only way to contract the virus was to visit a Web page and click an HTML link. Now, Russian New Year can be sent via mass mail programs, with the link embedded or as an attachment. Newer browser programs will automatically execute CALL to fetch the embedded document or prepare to open the attachment -- so the e-mail recipient needn_t even open the e-mail to get infected.