Archive for Monday, November 15, 1999

PATCH MICROSOFT PROGRAMS BEFORE BUBBLEBOY HITS

November 15, 1999

Advertisement

It had to happen sooner or later.

We've discussed computer viruses and worms and Trojan horses and the like on many occasions in this space, including the occasional virus hoax. It has generally been true that viruses distributed via e-mail messages are harmless, as long as the recipient doesn't run any application or open any word-processor document that comes with the e-mail message as an attachment to the message. Unfortunately, things have changed.

There is now a virus, distributed via e-mail, that can infect your machine when you highlight the message's subject line in your in-box or read the message. The "Bubbleboy" virus exploits a security hole in Microsoft Outlook (or Outlook Express). To be vulnerable to Bubbleboy, you must also be running Windows 98 or Windows 2000, along with Internet Explorer version 5. Under some conditions, the virus will also work under Windows 95. In other words, Macintosh users are not affected, nor users of any other Windows e-mail client. Bubbleboy targets a very specific problem with Windows, Internet Explorer 5 and Outlook.

Technically, Bubbleboy is not a virus, but rather a "worm" that, when executed, places a script file on your machine that sends a copy of itself to every address in your Outlook address book file.

If you use Microsoft Outlook or Outlook Express to read your e-mail, be careful not to click on a subject line in the in-box list that says "Subject: Bubbleboy is back!" If you do click on that line, the body of the message will be displayed: "The Bubbleboy incident, pictures and sounds, http://www.towns.com/dorms/tom/bblboy.htm". By the time you've seen this message, your machine has already been infected, although the worm won't begin working until the next time you restart your machine.

The Bubbleboy worm messes with certain system settings and modifies certain configuration files, inserting the words, "Bubbleboy" and "Vandelay Industries" in various places (fans of NBC's "Seinfeld" will enjoy this). None of these things is particularly dangerous, and in general, while Bubbleboy is an annoyance, it is not malicious. On the other hand, some would argue that ANY program that makes such changes without permission should be considered dangerous.

Fortunately, you can protect yourself from Bubbleboy and any other worms that might attempt to exploit the Outlook/IE5 security hole by simply patching the hole. Microsoft has released a patch, and you can find it by pointing your Web browser to http://www.microsoft.com/security/Bulletins/ms99-032.asp. There also is a lot more information about the security hole at http://www.microsoft.com/Security/Bulletins/MS99-032faq.asp.

There is also a pretty comprehensive page of information about Bubbleboy, including specifics about what it does to your machine, at the Symantec Web site at http://www.symantec.com/avcenter/venc/data/vbs.bubbleboy.html.

Be careful out there, boys and girls.

-- Doug Heacock is executive director of the Kansas Research and Educational Network at Kansas University. You may address questions to him in care of the Lawrence Journal-World, 609 N.H., Lawrence 66044, or e-mail him at heacock@kanren.net.

Commenting has been disabled for this item.