hwg-graphics archives Nov 1999 new search results previous next

Re: virus information feedback

by Sharon <sll(at)chariot.net.au>

 Date:  Tue, 16 Nov 1999 18:45:29 +1000
 To:  hwg-graphics(at)hwg.org
  todo: View Thread, Original 
Not sure if this has been passed on but thought I would anyway. I was sent
this from a friends mailing list and no I am not affiliated with it, but
thought I would pass it on for info or the trash..whichever you choose :))

"BubbleBoy" Virus No Problem For LangaList Readers

If you've been taking the advice in past issues of the LangaList,
relax! You're safe from "BubbleBoy" and all similar viruses.

The BubbleBoy Virus is the first attempt to exploit a security hole
in Microsoft Outlook and Outlook Express that came to light about 10
weeks ago: I told you about that security problem (and about the
patch that fixes it) back in early September (see
http://www.langa.com/newsletters/Sept-2-99.htm#bug2 ). In fact,
LangaList readers were able to download and install the patch even
before it was available to the general public on the Windows Update
site, and before there ever was an actual virus of this sort!
Once again: Despite the somewhat overheated reports you may have read
elsewhere, you're already safe from "BubbleBoy" and all similar
related viruses as long as you took the advice in the Sept 2
LangaList.

If you missed all the fuss over BubbleBoy or missed the issue of the
LangaList that told you about the patch, here's the scoop:

Technically, BubbleBoy is a Trojan/worm, not a virus---but everyone's
calling it a virus, so what the heck. To date, the virus only exists
as a "proof of concept" email that does no real harm--- but it
*could* cause harm if the contents were altered.

The thing that makes BubbleBoy-type viruses different is that you
don't have to open an email attachment to have trouble: Microsoft
originally incorrectly set the security levels on some scripting
components, so (if you haven't installed the patch) an HTML email can
directly execute dangerous scripts invisibly embedded right in the
body of an HTML email message.

In Outlook, you have to open the email for the virus to spread, but
Outlook Express's "preview pane" can allow the virus to activate
without ever actually opening the message: This is potentially nasty.
(Note that other email readers, such as Eudora, aren't affected.)

The specific email in question has the subject line "BubbleBoy is
back." If you open or preview the email in Outlook or Outlook
Express, the email will automatically resend itself to all addresses
in your address book. Supposedly, the virus also changes the
computer's registered user to "BubbleBoy" and the organization to
"Vandelay Industries." (Seinfeld devotees will understand these
references...)

For this specific virus, the immediate fix is easy: If you get email
with the subject line "BubbleBoy is back," just delete it without
opening or previewing it.

For a permanent fix, you need the patch I told you about in
September. If you didn't download it then or (gasp!) if you weren't
on the LangaList then, you still can get the patch at any one of
these three places:

http://windowsupdate.microsoft.com
http://www.microsoft.com/msdownload
http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm

For more information, see :

http://www.microsoft.com/security/bulletins/MS99-048faq.asp  or
http://support.microsoft.com/support/kb/articles/q244/5/40.asp

ARGUMENT (ar*gyou*ment)n. A discussion that occurs when you're right, but he
just hasn't realized it yet. 

http://www.chariot.net.au/~sll

HWG: hwg-graphics mailing list archives, maintained by Webmasters @ IWA