hwg-basics archives Nov 1999 new search results previous next

Fw: More on Bubbleboy Worm/Virus

by ayotunde(at)mindspring.com

 Date:  Tue, 16 Nov 1999 09:28:47 -0600
 To:  <webgrrls-houston(at)egroups.com>,
<hwg-basics(at)hwg.org>
  todo: View Thread, Original 
Date: Saturday, November 13, 1999 12:46 AM
Subject: More on Bubbleboy Worm/Virus


>This week brought another illustration that the mere mention of the word
>"virus"
>is enough to spread fear around the Internet.
>
>It started with an announcement from a California company - Network
>Associates -
>that happens to sell anti-virus software.
>
>In ominous tones, news agencies said the company had discovered "a
dangerous
>new
>e-mail virus, able to destroy information" even if messages remain
unopened.
>
>A Network Associates spokesman said the virus, labeled "Bubbleboy" after a
>character in a Seinfeld episode, "breaks a long-standing rule that you have
>to
>open an e-mail attachment to become infected."  Network Associates said it
>already had a software patch available to fix the problem.
>
>You had to read through the fine print of the news stories to learn that:
>
>1) Bubbleboy is so rare as to be almost non-existent.  Another anti-virus
>software developer, Symantec, said it had "no customer reports of this
>virus."
>Network Associates itself gives Bubbleboy a low risk rating because it also
>has
>no reports of customers with the virus.  (It was sent anonymously directly
>to
>the makers of anti-virus software.)  In short, at the moment Bubbleboy
>exists
>mainly in a laboratory setting and on one hacker site in Japan.  It is not
>running wild on the Internet.
>
>2) Bubbleboy is more playful than destructive. The virus (technically, a
>"worm") merely renames the computer's registered owner to "Bubbleboy" and
>makes
>a few other harmless changes that refer to the Seinfeld series.
>
>3)    Bubbleboy mainly affects computers with Windows 98 or 2000, running
>the
>Outlook or Outlook Express mail programs that come with Internet Explorer
>4.01
>and 5.0. (It will affect Windows 95 machines if you have installed Internet
>Explorer 5.0) It apparently does not work on Netscape e-mail programs.
>
>4) Bubbleboy exploits a security hole in Internet Explorer that has already
>been fixed with a patch from Microsoft you can download and install.
>
>This security vulnerability relates to two types of "Active-X controls"
used
>by
>some Web sites. Active-X is Microsoft software that, in essence, enables a
>Web
>server to talk with your Windows computer.
>
>Under certain limited circumstances, a Web site operator could exploit
these
>security holes to read files on your computer.
>
>Microsoft therefore recommends that you fix the problem with a free
>downloadable
>patch, available here:
>
>http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
>
>(It will also block Bubbleboy if he happens to sneak out of the lab.)
>
>To read what Microsoft says about Bubbleboy, go here:
>
>http://www.microsoft.com/security/bubbleboy.htm
>If downloading a patch seems like more trouble than it is worth, you can
>also
>change the security settings to "High" in Internet Explorer and accomplish
>the
>same thing.  The High setting disables Active-X controls (and blocks
>Bubbleboy
>and, possibly, future imitators).  The downside is that it makes surfing
>more
>difficult to avoid a threat that, for the moment, is more theory than
>reality.
>
>For instructions on changing security settings in Internet Explorer, please
>see:
>
>http://support.microsoft.com/support/kb/articles/Q174/3/60.ASP
>
>WHY ALL THE HYPE, if Bubbleboy is less than a mortal threat?
>
>It marks the first time someone has created a virus [worm] that you can
>trigger
>without opening an e-mail attachment.  Bubbleboy launches if you simply
view
>it
>in the Preview Pane of Outlook Express.  The fear is that in the future,
>someone
>will copy Bubbleboy's features to create a more malicious virus.
>
>The bottom line?  Bubbleboy is a bubble of hype that may be more about
>selling
>software than any specific, real menace.
>
>It's also about a kind of "gotcha" game that computer geeks like to play.
>They
>love to prove that large, powerful companies like Microsoft can make
>mistakes.
>In this case, Bubbleboy is a "proof of concept" virus, meaning it
>demonstrates
>the security hole in Internet Explorer.  It is not by itself dangerous, but
>its
>creator can say "gotcha" to Microsoft. Call it an ego trip if you like.
>
>That said, however, if you are active on the Internet and not already using
>anti-virus software, you should consider doing so.  All major brands
quickly
>update their products over the Web to neutralize the latest virus threats.
>You
>can set up any of them to load in the background when your machine boots
up.
>Or,
>you can scan downloads or e-mail attachments individually before you open
>them.
>(A right-click on the downloaded file or attachment brings up a menu that
>invites you to scan with, for example, "Norton AntiVirus.")
>
>For a readable, detailed discussion of viruses, click here:
>
>http://home.cnet.com/specialreports/0-6014-7-116551.html?st.cn.3746-7-
>120645.txt.6014-7-116551

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA