Extra Newsguy - Welcome!


"A New Breed of Computer Viruses"
  12/15/99

When it was first discovered in early November, the BubbleBoy virus was alarming, but not really a threat. No known copies existed out in the real world, and BubbleBoy's author sent the virus code directly to security experts. Unfortunately, it has been confirmed that the virus and an updated version of the program have now been posted on a Web page. The Japanese-hosted page is devoted to collecting viruses. A look at the virus reveals a few more details about the program.

A text document available in the download claims that the program was written by a virus writer named "Zulu" and suggests the program originated outside of the US in Argentina. The text file gives credit to the security expert, Georgi Guninski, who first discovered the vulnerability exploited by the virus. Apparently the virus writer is a fan of the television show "Seinfeld", as the virus's name is derived from the Bubble Boy character in an episode of the series. Once infected, a machine will have the registered user name changed to BubbleBoy and the organization name will be altered to read "Vandelay Industries", the fictitious company that George worked for.

This new breed of computer virus emerged in early November, according to antivirus firms. These viruses can infect Internet users when they open, or simply preview, an infected e-mail. The troubling thing about BubbleBoy is that it can launch when you simply preview an e-mail message in Microsoft Outlook. Unprotected machines are easy targets for any new virus based on BubbleBoy.

Since BubbleBoy was discovered, every major anti-virus software firm has issued a software antidote. As it only affects Windows-based machines, Microsoft posted a software patch that will thwart the basic mechanism the virus uses to launch itself. To protect your machine, go to an anti-virus web site and download the BubbleBoy upgrade, then go to Microsoft and download their patch. The problem is, most people either don't know how (or won't take the time) to download the patches, and with the high number of sales of sub-$1000 PCs, odds are that more vulnerable systems are becoming available every day.

Now that BubbleBoy's author has demonstrated a new way to launch viruses, a tremendous number of virus writers are going to try to outdo him. Malicious virus writers will inevitably copy it, tweak it, and design dozens of potentially nasty variants in coming weeks.

For over a year, security experts have raised the concern that e-mail itself, not just an e-mail attachment, could transmit a computer virus. E-mail readers that render HTML, like Microsoft's Outlook or Eudora Pro, cause the problems. Since these programs allow HTML formatting within the body of the message, they also allow execution of code. With Outlook Express, that code can be executed even before the message is opened, thanks to the "preview pane" included with the software. But while the possibility has existed theoretically, BubbleBoy is the first virus to exploit it.

Thanks to viruses like Melissa, most Internet users seem used to the idea that opening an e-mail attachment can expose their computers, but reading e-mail itself has always seemed safe. It's currently unclear exactly how users of HTML e-mail readers can protect themselves from such viruses. Regularly updating antivirus software will defend against most viruses, but virus writers are usually a step ahead of the antivirus software. It should be noted that while the virus is now available for download and imitation by virus writers, there have as yet been no reported victims of the program.

  - by Clayton Crooks

  Related Newsgroups:
 
  alt.comp.virus
  comp.mail.eudora.ms-windows
  microsoft.public.exchange