When it was first discovered in early November, the BubbleBoy virus was
alarming, but not really a threat. No known copies existed out in the real
world and BubbleBoy's author sent the virus code directly to security experts. Unfortunately, it has been confirmed that the virus, and an
updated version of the program, has now been posted on a Web page. The
Japanese hosted page is devoted to collecting viruses. A look at the virus
reveals a few more details about the program.
A text document available in the download claims that the program was written by a virus writer named "Zulu" and suggests the program originated
outside of the US in Argentina. The text file gives credit to the security
expert, Georgi Guninski, who first discovered the vulnerability exploited by
the virus. Apparently the virus writer is a fan of the television show
"Seinfeld" as its name is derived from the Bubble Boy character in an
episode of the series. Once infected, a machine will have the registered
user name changed to BubbleBoy and the organization name will be altered to
read "Vandelay Industries", the fictitious company that George worked for.
This new breed of computer virus emerged in early November, according to
antivirus firms. These viruses can infect Internet users when they open, or
simply preview, an infected e-mail. The troubling thing about BubbleBoy is
that it can launch when you simply preview an email in a Microsoft Outlook
message. Unprotected machines are easy targets for any new virus based on
Since BubbleBoy was discovered, every major anti-virus software firm has
issued a software antidote. As it only affects Windows-based machines,
Microsoft posted a software patch that will thwart the basic mechanism the
virus uses to launch itself. To protect your machine, go to an anti-virus
web site and download the BubbleBoy upgrade, then go to Microsoft and download their patch.
The problem is, most people either don't know how (or won't take the time)
to download the patches and with the high number of sales of sub-$1000 PCs,
odds are that more vulnerable systems are becoming available everyday.
Now that BubbleBoy's author has demonstrated a new way to launch viruses, a
tremendous number of virus writers are going to try to do outdo him. Malicious virus writers will inevitably copy it, tweak it, and design dozens
of potentially nasty variants in coming weeks.
For over a year, security experts have raised the concern that e-mail itself, not just an e-mail attachment, could transmit a computer virus.
E-mail readers that render HTML, like Microsoft's Outlook or Eudora Pro
cause the problems. Since these programs allow HTML formatting within the
body of the message, they also allow execution of code. With Outlook Express, that code can be executed even before the message is open, thanks
to the "preview pane" included with the software. But while the possibility
has existed theoretically, BubbleBoy is the first virus to exploit it.
Thanks to viruses like Melissa, most Internet users seem used to the idea
that opening an e-mail attachment can expose their computers, but reading
e-mail itself has always seemed safe. It's currently unclear exactly how
users of HTML e-mail readers can protect themselves from such viruses.
Regularly updating antivirus software will defend against most viruses, but
virus writers are usually a step ahead of the antivirus software. It should
be noted that while the virus is now available for download and imitation by
virus writers, there as yet have been no reported victims of the