| Associated Press (via ClariNet) | Wed, 10 Nov 1999 7:33:04 PST | Attglobal Headlines |
Story from AP / RON HARRIS
SAN FRANCISCO (AP) -- Computer security experts are warning of a dangerous new e-mail virus, one able to destroy information even when users don't fully open their messages.
"Bubbleboy," apparently nicknamed after an episode of the TV show "Seinfeld," is the first known e-mail virus that doesn't even need to be fully opened to be activated. Just highlighting the e-mail's subject line in Microsoft Outlook Express activates its hidden code.
It also takes every address in a computer's e-mail program and passes the virus along, unless the computer user has installed a patch distributed in August by Microsoft.
The virus, technically a "worm" program, requires that a component of Windows, called Windows Scripting Host, also be installed on the victim's computer. It doesn't affect Microsoft's more robust Windows NT software typically used by companies. Unlike viruses, worms are self-contained and don't attach themselves to another program to propogate.
Researchers at Network Associates, a Santa Clara computer security company, said "Bubbleboy" could become the framework for the easy delivery of a host of malicious programs.
"This ushers in the next evolution in viruses. It breaks one of the long-standing rules that you have to open an e-mail attachment to become infected," spokesman Sal Viveros said. "That's all changed now."
"Bubbleboy" was e-mailed late Monday to Network Associates and the company put a free software patch capable of blocking the attack on its Web site the next day.
The company isn't certain who sent the virus, but researchers believed the threat is so serious that they notified the FBI, said Vincent Gullotto, director of the company's virus detection team.
"It could basically disable your PC easily," Gullotto said. "This could be a watershed."
The virus sent Monday night was more playful than destructive as it worked its way through a computer's hard drive, renaming the computer's registered owner as "Bubbleboy" and making other "Seinfeld" references.
Such a display can be a warning salvo. Gullotto said more destructive versions of the virus could soon follow.
"This could be the catalyst," Gullotto said. "While the Melissa virus was 'hell coming to dinner,' we have reassessed that and know that something bigger, meaner and nastier is on its way."
The Melissa computer virus clogged e-mail systems around the world when it hit in March, but many computer users were able to avoid trouble by deleting e-mails without reading them. Like previous e-mail viruses, Melissa wreaked havoc only after users double-clicked an attachment to the seemingly benign messages.
"Bubbleboy" only requires that the e-mail be previewed on the Inbox screen of Microsoft's Outlook Express, a popular e-mail program. As soon as the e-mail is highlighted, without so much as a click of a mouse, it infects the computer.
The virus appears as a black screen with the words "The Bubbleboy incident, pictures and sounds" in white letters.
It affects computers with Windows 98, Windows 2000 and some versions of Windows 95 that also use Microsoft's Internet Explorer 5.0 and Outlook Express Web browser and e-mail programs, Gullotto said. It apparently does not affect Netscape's e-mail programs.
Even without Network Associates' software patch, there is an easy fix. Enabling Microsoft's highest-security e-mail filter will keep the virus from entering.
Microsoft spokesman Adam Sohn said Tuesday night that anyone who downloaded the August upgrade to Internet Explorer 5.0 already is protected from ``Bubbleboy.''