Anti-virus experts said last week they have found the first example of a computer virus that can infect the body of an email without the need for a user to open an attachment. Computer Associates International Inc described BubbleBoy as possibly the most dangerous virus ever, while Norman Data Defense Systems Inc calls it potentially more destructive than Melissa.
BubbleBoy, named after a character in an episode of TV sitcom ‘Seinfeld’, is a Visual Basic Script worm, which exploits a security hole in Microsoft CorpÆs Outlook and Internet Explorer 5 applications. When opened, the invisible VBS in the email inserts a script file, UPDATE.HTA, in the machineÆs startup sequence. Next time the PC is booted, the virus sends itself to every email address in the userÆs Outlook inbox (whereas Melissa only sent itself to the top 50 addresses). This has the potential to bring thousands of email servers to a grinding halt if not controlled.
Because the virus does not require an attachment to be opened, and can even run itself from OutlookÆs preview window, even the least gullible email users can find themselves infected. Users can avoid the virus by downloaded a patch from the Microsoft web site, or by setting IE5Æs internet security settings to æHighÆ. The virus only works with English and Spanish versions of Windows 98, 2000 and 95 when the Windows Scripting Host is installed. It can be recognized by the subject line of the email, BubbleBoy is Back.
Anti-virus companies like Norman, Symantec and ICL said that the virus is proof of concept and is not yet in the wild, so the chance of infection is rare. BubbleBoy was most likely written by a hacker, believed to be based in Argentina, then mailed directly to anti-virus firms to show off. But the fact that such a concept has been proved means BubbleBoy or variant strains could soon find their way into the wild.