O.T. Bubble boy virus.......

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

'Bubbleboy' virus could become lethal Researchers have discovered what they believe to be the first e-mail-borne computer infection that doesn't require a user to open an e-mail or e-mail attachment for it to wreak havoc. Dubbed ``Bubbleboy'' after an episode of TV sitcom ''Seinfeld,'' the virus is known as a worm because it is self-propagating. Researchers at antivirus software firm Network Associates Inc. received the computer infection anonymously Monday night at about 10 p.m. local time. Story to follow. --


-- kevin (innxxs@yahoo.com), November 09, 1999


Does anyone know what Network Associates uses for their e-mail?

-- (cannot-say@this.time), November 09, 1999.

The techies and "entrepreneurs" have been so hot to create the latest "cool" app, that the ramifications of their creations have not been considered. Especially security.

Consider that if a site can send you a "cookie" (which means it can WRITE data to a file on YOUR COMPUTER, then read that data at some future date), there is not reason the supposed safeguards cannot be defeated, so as to write to ANY file or delete any file, or send to you and EXECUTE on your machine a malicious program, or read any other file on your computer (like a personal data file containing your credit card numbers, porn collection, e*trade password, etc.)

Consider the e-mail viruses that can read your e-mail address book ans send a copy of the virus to all on your list.

Consider Java script and Java, which remotely interact with your computer.

Consider that your operating system, being network enabled, allows your machine to be remotely controlled.

As long as your computer can be remotely taken control of, AND IT CAN, your security and privacy is at risk.

The only solution is operating systems, browsers, and e-mail programs which DO NOT ALLOW, under any circumstances, remote control of your machine. Nothing less will do.

Now, I can hear the screams from all the IS people that want networks. I can hear the screams of all the internet vendors who want to mine your files for "demographic" data. F*em.

It's only a matter of time until we are all bitten. Maybe "Bubbleboy" is it. If BB is real, it means the end of e-mail until a whole new operating system and browser combination is available.

-- A (A@AisA.com), November 09, 1999.

To add one point. All the anti-virus programs (Norton, Symantec, Network Associates, etc.) are merely a band-aid, trying to stop a HEMORHAGE. They will ALWAYS be a step behind the virus makers. The reason being is that the present operating systems, browsers and e-mail systems are FUNDAMENTALLY vulnerable.

Just like Y2K, patches and workarounds are no substitute for a systematic COMPLIANCE (using YYYYMMDD) in ALL data and programs).

-- A (A@AisA.com), November 09, 1999.


To some extent, you are very correct.... if the e-mail system is a windows type system. If the front end of the system is Unix or something different, you may be able to kill the virus before it spreads. Most of the virus are written to execute on a windows platform, thus will not hurt the other OS's out there. It is something to think about... having a unix front end, running a program to identify and kill the virus, before passing it along to the various window clients. Just my 0.02

-- (cannot-say@this.time), November 09, 1999.

So another fan of Bill Gates' writes an incredibly dangerous virus; notice that it specifically targets Outlook and Outlook Express. The mutations off "Bubble Boy" will be enough to bring a lot of machines to their knees. Regarding A's comments, both JavaScript and Java can, and have, take advantage of software shortcomings on your pc - and right from the web. The most recent example that comes to mind is a 17 year old in NY put together a JavaScript program that was able to read into the cache on Netscape Navigator 4.X. Doesn't sound too dangerous? First of all, the script is interacting with files on your machine. Second, if you have sensitive info in your cache (i.e. credit card #s) from secure sites chances are you don't want it read.

-- Mori-Nu (silkenet@yahoo.com), November 10, 1999.

MSNBC reported: "A long-feared new breed of computer virus has finally emerged, according to antivirus firms. The so-called BubbleBoy virus can infect Internet users when they open, or even simply preview, an infected e-mail. Historically weve always said, as long as you dont open attachments, youre safe, Network Associates spokesman Sal Viveros said. Thats not true any more. Bubbleboy is a proof of concept virus that has no dangerous payload, meaning it doesnt attempt to delete or alter files. But it does have the ability to create a Melissa-like mail storm as it sends copies of itself to every e-mail address in the victims address book...The problems are caused by e-mail readers that render HTML, like Microsofts Outlook or Eudora Pro. Since these programs allow Web-page-like formatting within the body of the message, they also allow execution of code. With Outlook Express, that code can be executed even before the message is open, thanks to the preview pane included with the software."

-- BH (bh_silentvoice@hotmail.com), November 10, 1999.

PALO ALTO, Calif. (Reuters) - Researchers have discovered what they believe to be the first e-mail-borne computer infection that doesn't require a user to open an e-mail or e-mail attachment for it to wreak havoc.

Dubbed ``Bubbleboy'' after an episode of TV sitcom ''Seinfeld,'' the virus is known as a worm because it is self-propagating. Researchers at antivirus software firm Network Associates Inc (Nasdaq:NETA - news). received the computer infection anonymously Monday night at about 10 p.m. local time.

``Historically, as long as you don't open e-mail attachments you're safe from virus infection, but this changes all that,'' said Sal Viveros, a marketing manager at Network Associates. ''We've finally come to the point where if you're using e-mail, specifically (Microsoft Corp (Nasdaq:MSFT - news).'s) Outlook, you need to have some sort of virus protection or you shouldn't read e-mail.''

Although the Bubbleboy virus that researchers received last night didn't cause harm such as deleting files or stealing passwords, it won't be long before variants crop up that are indeed destructive, Viveros said.

``In this case, it's just sending itself all over the place but it could fairly easily delete files or steal passwords,'' Viveros said.

Bubbleboy appears as an e-mail with ``Bubbleboy is Back!'' in the subject line and includes pictures and sounds from the Seinfeld episode that gave it its name.

Bubbleboy follows other e-mail-borne viruses that have already swept the Internet such as the ``ExploreZip worm,'' which can erase files from a user's computer, and the Melissa virus, which gained notoriety for its ability to spread quickly but not because it destroyed any data.

Network Associates gave Bubbleboy a ``low risk'' classification for now because customers haven't yet notified it that the virus has appeared on their computers.

What makes this worm particularly nefarious is that if a user is running Outlook Express and has the preview pane enabled, the worm can infect the computer without the user even opening the e-mail.

The preview pane in Outlook Express lets users scan e-mails to see their contents without having to open them first. Other e-mail programs such as Exchange and Lotus Notes are also vulnerable, Viveros said.

``Now just by reading an e-mail you can be infected, and if you're using Outlook Express you don't even need to read it,'' Viveros said. The worm will then send itself to everyone listed in that e-mail program's address book.

Bubbleboy refers to a Seinfeld episode in which a boy who lives in a bubble because of a faulty immune system is a big fan of Jerry Seinfeld, who plays himself as a stand-up comic on the popular series. Jerry and George Castanza, a friend of Jerry's, visit the boy and play Trivial Pursuit.

But the answer on one of the cards is misspelled, and the boy in the bubble and George get into a fight. The fight ends with George accidentally popping the boy's bubble.

``But unfortunately, this virus is not very funny,'' Viveros said.

-- Sysman (y2kboard@yahoo.com), November 10, 1999.

I heard on the radio that it affects Microsucks Internet Explorer (IE) -- but one never knows if the reportage was right and they really meant Outlook, or IE. Just a precauutionary note.

No mention of Netscape, yet, but that doesn't mean there couldn't be a problem.

Since Microsucks now has about 75% of the browser market since Billy Boy bundled it with Windows, obviously IE would be the first target. I would switch to Netscape, myself, if I wasn't already using it.

In any event, taking a hint from one of the above posts, it would be advisable to turn off, in your browser, if you can, the HTML enabling for e-mail.

-- A (A@AisA.com), November 10, 1999.

At work, my Netscape is v 4.61. I can turn off HTML for sending e-mail, but can't turn it off for receiving, as far as I know. Am I going to have to start saying that Netscape sucks as well as Microsucks?

I won't know about my home version of Netscape until later.

Maybe this will spark a resurgance in the "old-fashioned" fax machine, but maybe with OCR to create text from the faxes received.

Or -- anyone know anything about "Opera" browser? Does it handle e-mail. Does it do it securely (HTML "off" option)?

-- A (A@AisA.com), November 10, 1999.

Newspaper article says "This virus affects computers with Windows 98 and some versions of Wndows 95 that also use Microsoft's [Microsucks'] Internet Explorer 5.0 and Outlook Express Web browser and e-mail programs. It apparently does not affect Netscape's e-mail programs ...

[] and bold added.
Yes, Micro sucks.

A patch is available free at www.mcafee.com

-- A (A@AisA.com), November 10, 1999.

New article at:

-- A (A@AisA.com), November 10, 1999.

Moderation questions? read the FAQ