Welcome Guest! To enable all features please Login or Register.



Go to last post Go to first unread
#1 Posted : Tuesday, November 9, 1999 4:00:00 PM(UTC)

Rank: Member

Groups: Registered
Joined: 8/28/2011(UTC)
Posts: 8,887

Was thanked: 1 time(s) in 1 post(s)
'Read-onlý virus can ambush e-mail users
By Janet Kornblum, USA TODAY
PALO ALTO, Calif. - In what could be a watershed event for Internet security, an anonymous code-writer has developed a long-feared virus that can infect the computer of a user who simply opens or reads an e-mail. No attachments are required.
The "BubbleBoy" virus, named after an episode of TV's Seinfeld that features a disease-prone person living in a bubble, poses almost no real threat. But security experts are worried that it signals an era on the Internet when simply reading e-mail can be dangerous.
Security experts had known such a virus was possible but hoped it would not be created, says Jimmy Kuo, director of antivirus for Network Associates.
Most computer viruses, such as the Melissa strain that rampaged through the Internet this year, are passed through files attached to e-mail. Antivirus experts have long said that the only way to get infected through e-mail is to double-click on an infected filẹ
That changed with BubbleBoỵ The name, says Dan Schrader of antivirus company Trend Micro, "is strangely appropriate because the virus writer is trying to imply that hés popping our bubblẹ Ím a little scared by this."
Experts believe it will be only a matter of months before someone develops and spreads a malicious "read-only" virus.
The virus is hiđen behind the code used to program the Web and exploits a security hole in Microsoft's Internet Explorer that can be repaired at www.microsoft.com/securitỵ Users of Microsoft Outlook can get it by reading e-mail, users of Outlook Express by previewing e-mail. For protection, update browsers, put security settings on high and update antivirus programs.

#2 Posted : Tuesday, November 9, 1999 4:03:00 PM(UTC)

Rank: Member

Groups: Registered
Joined: 8/28/2011(UTC)
Posts: 8,887

Was thanked: 1 time(s) in 1 post(s)
New breed of virus unleashed
First-of-its-kind ‘BubbleBoy’ infects users just reading e-mail
By Bob Sullivan

Nov. 9 — A long-feared new breed of computer virus has finally emerged, according to antivirus firms. The so-called BubbleBoy virus can infect Internet users when they open, or even simply preview, an infected e-mail. “Historically we’ve always said, as long as you don’t open attachments, you’re safe,” Network Associates spokesman Sal Viveros said. “That’s not true any morẹ”
BUBBLEBOY IS a “proof of concept” virus that has no dangerous payload, meaning it doesn’t attempt to delete or alter files. But it does have the ability to create a “Melissa-like” mail storm as it sends copies of itself to every e-mail ađress in the victim’s ađress book.
For over a year, security experts have raised the concern that e-mail itself — rather than an e-mail attachment — can transmit a computer virus. The problems are caused by e-mail readers that render HTML, like Microsoft’s Outlook or Eudora Prọ Since these programs allow Web-page-like formatting within the body of the message, they also allow execution of codẹ With Outlook Express, that code can be executed even before the message is open, thanks to the “preview pane” included with the softwarẹ (Microsoft is a partner in MSNBC.)

But while the possibility has existed theoretically, BubbleBoy is the first virus to exploit it, Viveros said.
Thanks to virus crises like Melissa, most Internet users seem used to the idea that opening e-mail attachments can expose their computers — but reading e-mail itself has always seemed safẹ Not any more, according to Viveros.
“This really changes the way people need to react to viruses,” he said. “You can’t really tell people, ‘Don’t open e-mail.”
In fact, it’s unclear exactly how users of HTML-enabled e-mail readers can protect themselves from such viruses. Regularly updating antivirus software will filter out most viruses, but virus writers are usually a half-step ahead of antivirus software — new ill-intentioned programs are almost always able to slip through defenses during the first few hours after their releasẹ
“Until yesterday, I was telling people, ‘Don’t open attachments unless you know why the person sent it to you,’ ” said Dan Schraeder, vice president of new technologies at antivirus firm Trend Micrọ “Now I get nervous just opening e-mail.”
BubbleBoy was sent anonymously to Network Associates Monday night, Viveros said, probably by the author. At the moment, it’s just a lab rat — no antivirus firm has reported seeing BubbleBoy in the wild, meaning it’s highly unlikely Web users will encounter it.
“This virus has not been posted at any hack site we are aware of. We don’t expect to see variants of it popping up all of the suđen,” Schraeder said.
But that’s no reason to dismiss it.
“Historically, what we’ve seen is people take proof-of-concept viruses and create dangerous payloads for them,” Viveros said.
BubbleBoy was apparently created by a “Seinfeld” fan, as the name appears to have been taken from an episode of the TV show. It arrives with the subject line “Bubbleboy is Back!” The body is the message includes the text “The BubbleBoy incident, pictures and sounds.”

The virus can only run if Internet Explorer 5.0 with Windows Scripting Host is installed (standard in Windows 98 and Windows 2000 installations). If security settings for Internet Zone in IE5 are set to High, the worm will not be executed. It does not run on Windows NT.
According to Schraeder, the virus actually takes advantage of a security flaw in Microsoft’s ActiveX technology that was discovered in August. Two components of Internet Explorer 4.0 and 5.0, scriptlet.typelib and Eyedog, are incorrectly labeled as “trusted” — meaning they can retrieve and alter critical information on a user’s computer. BubbleBoy calls on these controls through scripting in the body of an e-mail message in order to access a victim’s computer.
Users who have installed Microsoft’s patch for the flaw (available from this Web site) are not vulnerable to BubbleBoy, but they may be vulnerable to other HTML/e-mail attacks.
“This is a good wake-up call for us, to remind people they need to get the latest security updates and update their virus scanning engine,” Schraeder said.

Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.