Bubbleboy e-mail virus

[Ringo]

An interesting item from the day’s news:

[SAN"]http://www.tampabayonline.net/news/news1016.htm]SAN]( [url="http://www.tampabayonline.net/news/news1016.htm) FRANCISCO (AP) - A dangerous new type of e-mail virus emerged on Tuesday, able to destroy information on computers even when users are careful not to fully open the messages.
The virus, nicknamed Bubbleboy'' after an episode of the TV show Seinfeld,’’ was e-mailed late Monday to researchers at Network Associates, a computer security company in Santa Clara. The company put a free software patch capable of blocking the attack on their Web site Tuesday.

**This ushers in the next evolution in viruses. It breaks one of the long-standing rules that you have to open an e-mail attachment to become infected**,'' said Network Associates spokesman Sal Viveros. That’s all changed now.’’

[Ringo]

Arghh!!! I seem to be doing very poorly w/the UBB codes this week.

Try this

[Monty]

By “careful not to fully open messages,” are the authors referring to the practice of having one’s Outlook e-mail display a preview of the message?

If so, then the message is actually open.

[Ringo]

The story said that is the case.

[BoBettie]

from the story:

``Bubbleboy’’ only requires that the e-mail be previewed on the Inbox screen of Microsoft’s Outlook Express, a popular e-mail program. As soon as the e-mail is highlighted, without so much as a click of a mouse, it infects the computer.

---

A friend is someone who likes you even though you’re as ugly as a hat full of assholes.
Zettecity

[SterlingNorth]

Will it do the same with Netscape’s Email reader?

[HeadlessCow]

Umm…is the link supposed to go to a story about septuplets?
Anyway, to be infected by a virus you need to run something. this would normally be impossible with email but if the email reader allows HTML code to be executed it becomes possible. My suggestion is to find out how to turn off HTML code in your mail reader and only turn it back on when you are reading something that you know is clean.

[mouthbreather]

This is result of this virus is basically the same as Melissa, but to activate it all you must do is open the message(Outlook or Outlook Express), or in the case of Outlook Express, just preview the message.
copied from ZDNet.com:

“BubbleBoy requires Internet Explorer 5.0 with Windows Scripting Host installed, which is standard on Windows 98 and Windows 2000. It doesn’t run on Windows NT or on the default settings of Windows 95. Setting IE 5.0 to its maximum security setting would prevent it from doing anything.”

[SterlingNorth]

Well, here’s a link from my newspaper, which coincidentially answers my previous question.
http://washingtonpost.com/wp-dyn/business/A46274-1999Nov10.html

---

It is by the fortune of God that, in this country, we have three benefits: freedom of speech, freedom of thought, and the wisdom never to use either.
—Mark Twain

[Lissa]

This is an email I got this morning.I’m posting it beacuse I’m too lazy to follow links, and I think there might be a lot of people like me . . . So I’m laying out what little facts I have. Is this the proper soltuion? Should I follow the steps as lited? What would be, if any, “side effects” of changing the settings?

VBS/Bubbleboy (this is from the Seinfeld episode) is a new Internet worm, discovered 11/08/99.  AVERT has assigned it a LOW risk
assessment; it has not appeared in the wild (not widespread at this point in time).

Even though this is not “in the wild” as they say - I think this virus is interesting for all of us to know about because it seems that viruses are not just in attachments anymore!!!

VBS/Bubbleboy is a NEW type of worm: Unlike previous worms transmitted through email, this new type of worm does not come as an executable attachment.Instead, VBS/Bubbleboy infects PCs as soon as the transmitting email message is opened. This is a VERY significant innovation!

Virus researchers have long assured the public that it is not possible to
contract a virus or worm merely by opening and reading an email message. This is
no longer true, and VBS/Bubbleboy marks the beginning of a more dangerous
computing environment.

VBS/Bubbleboy is transmitted through an email message with the subject heading “Bubbleboy is back!” It will ONLY infect PCs running Windows 98 with Internet Explorer 5 and Outlook or Outlook Express. PCs using Outlook are infected upon opening the email message, while Outlook Express users may
beinfected by viewing the message with Outlook’s “Preview Pane” feature!   When
the email is opened, the worm creates a file called UPDATE.HTA. The next time the PC is booted up, the worm sends itself embedded in an email to EVERY address in EVERY MS Outlook address book on the local system. It does this only once.

Notes on detection, removal, and protection:
Scan Now and ActiveShield have been updated to detect VBS/Bubbleboy. If the worm is detected before it has sent itself to your address book contacts, you should find and delete the file UPDATE.HTA. If the worm has
already sent itself to your contacts, you should do nothing; the worm will not do anything further, and your PC is now effectively inoculated against re-infection. To protect your system against infection, disable Windows Scripting Host by
following these steps:

Click the Start button, Settings, Control Panel, then select  Add/Remove Programs, then select the Windows Setup tab, then double-click Accessories,scroll down to Windows Scripting Host, and uncheck the box. Save changes and close the window.

[Alphagene]

“Vandelay Industries”

Microsoft already has a patch available to combat this problem.

Symantec also has info on the worm.

---

Back off, man. I’m a scientist.

[Alphagene]

Ugh, is it me or is the [ url ] code acting sketchy?

Microsoft’s patch: http://www.microsoft.com/security/Bulletins/ms99-032.asp

Symantec’s info on the worm: http://www.symantec.com/avcenter/venc/data/vbs.bubbleboy.html

---

Back off, man. I’m a scientist.

[RealityChuck]

McAfee is not known for the reasoned approach to new viruses. In other words, they send out heated, hysterical press releases at the drop of a hat. In this case, it doesn’t even appear that the virus is in the wild, so it hardly is worth a press release, let alone headlines.

---

Read “Sundials” in the new issue of Aboriginal Science Fiction.
www.sff.net/people/rothman

[Max_Torque]

Jesus, I’m glad I’m out of computer support…I swear the people I worked for were idiots. I hated Outlook, everyone hated Outlook, so naturally they made it the standard…they must be excreting masonry right now.

[Lucky]

I think I’m missing something here. What does this virus do, besides sending itself to everyone in your address book? It’s recommended above that if it’s already infected your address book you should do nothing. So, what? The virus enters your system, sends itself on to other systems, but other than that doesn’t do anything? Why would anyone care about a virus that does nothing? What have I missed?

---

Don’t get me wrong–I love life. I’m just finding it harder and harder to keep myself amused.

[handy]

Lucky, it renames important system files.

Anyway, it wont do anything if you just see the subject header & delete then.

[OpalCat]

The link went to the story “Trial begins in 1970 beating death of black sharecropper” for me… heh. Oh well.

---

–
O p a l C a t
www.opalcat.com

[Ringo]

Links to news stories at a lot of news sites (in this case a Florida paper running the AP wire) usually change stories within a day or two.

[RealityChuck]

Further evidence of McAfee’s hype: the patch to prevent this problem was put up on Microsoft’s website two months before the virus was discovered.

This is way overhyped. It is not anything new; it merely exploits a security hole in the software, not the operation of the software itself. A small softare patch eliminates it, or any other virus like it, as a threat. It is thus not the indication of a new development in viruses (it’s nothing new for one to be programmed to take advantage of a security flaw – though those viruses rarely get into the wild).

If this was a real virus threat, why did McAfee wait two days after the news came out before putting updated virus definition files on its website? If their virus detection engineers thought it was such a threat, they would have had the patch available immediately. It was their PR department – and the fact that most mainstream media start running around like headless chickens when someone mentions virus.

---

Read “Sundials” in the new issue of Aboriginal Science Fiction.
www.sff.net/people/rothman