Get Paid to Surf the Web

FootsloG Articles
Featured Article



Search
Articles & Help Docs

Footslog Home
 Articles Home
Questions?
Windows 9x & NT
Windows 3.x
Software
Hardware
Glossary

Join our Mailing List for News and Tips
Subscribe
Unsubscribe

 

Featured Article

VBS/Bubbleboy

VBS/Bubbleboy is the first virus that is able to propagate itself via email, without having to open an attachment.  This means all you have to do is highlight the email and it will activate the virus. 

It achieves this by exploiting security holes that exist in the treatment of ActiveX controls.  As stated by Microsoft on their MS99-032 Security Bulletin page:

"Microsoft has released a patch that eliminates security vulnerabilities in two ActiveX controls. The net effect of the vulnerabilities is that a web page could take unauthorized action against a person who visited it. Specifically, the web page would be able to do anything on the computer that the user could do." 

Frequently asked questions regarding this vulnerability can be found on Microsoft's web site.

The infected email will include the following:

From: {name of infected user} 
Subject: BubbleBoy is back! 
Body: The BubbleBoy incident, pictures and sounds
http://www.towns.com/dorms/tom/bblboy.htm 

The website to which the URL in the message body points does not actually exist.  The message actually contains an embedded HTML file which contains the viral Visual Basic Script (VBS) code. 

Assuming certain criteria are met the virus will activate: 

  1. The machine has Internet Explorer 5, WSH and Outlook or Outlook Express installed 
  2. The machine is running Windows 95/98 
  3. The machine has not had the patch referred to in the MS99-032 Security Bulletin applied 
  4. The security settings of the Internet zone in Internet Explorer are not set to 'High' then the viral code will run when the email is opened (and also when the email is previewed
    in Outlook Express). 

Upon running, a file (UPDATE.HTA) is dropped into the Windows startup directory. Upon restarting therefore, UPDATE.HTA executes, and proceeds to edit the Registry: 

  1. The registered owner of Windows is changed to 'Bubbleboy' 
  2. Organization is changed to 'Vandelay Industries' 
  3. A key is added as a marker 
    (key  - HKEY_LOCAL_MACHINE \Software \OUTLOOK.BubbleBoy, value=
    OUTLOOK.BubbleBoy 1.0 by Zulu) 
  4. VBS/Bubbleboy mails a copy of itself to all the addresses listed in all the Outlook address books. 

We advise you to visit the web site of your antivirus product vendor and obtain the latest updates that will ensure protection.

.

 

[ Home ] Hardware ] Software ] Windows 3.x ] Windows 95/98/NT ] Glossary Index ]

Copyright 1999 by FootsloG.com. All rights reserved.   Click Here for our usage terms and conditions disclaimer.
Questions and comments:  webmaster@footslog.com