VBS.Bubbleboy


  • Download the latest version of Command AntiVirus

  • Get the latest virus definition files

  • Buy Command AntiVirus online


    • Name:VBS.Bubbleboy
    Aliases:VBS/Bubbleboy
    Type: Internet worm

    Description:

    VBS.Bubbleboy is an e-mail script worm that uses a vulnerability in English and Spanish versions of Internet Explorer 5.0, affecting Windows 98 and Windows 2000 systems. The worm is imbedded in an e-mail message in HTML format - it is not an attachment. The worm can execute in Outlook Express while being previewed, prior to being opened. If using Microsoft Outlook, the worm requires that you open the mail message. This virus is not in-the-wild.The risk is classified as low. Two variants have been identified. Neither has a destructive payload. It is significant only because it is the first infector to pose a risk without requiring the opening of an infected e-mail attachment, but can execute during the preview function.

    The worm is written in VBScript. When executed, it creates "UPDATE.HTA" in the Windows startup directory. At the next system startup, the file will modify the registry to:

    • Change the registered owner to "Bubble Boy"
    • Change the registered organization to "Vandelay Industries"
    The worm will then attempt to imbed itself in an e-mail message to all Outlook or Outlook Express Address Book entries once. The message has the following text:
    • From: [infected sender's name]
    • Subject: "Bubble Boy is Back!"
    • Message Body: "The Bubble Boy incident, pictures and sounds" and a URL link.
    BubbleBoy exploits a security flaw in Microsoft�s ActiveX technology, involving the ActiveX components scriptlet.typelib and Eyedog. These components are marked "trusted", allowing them to take actions based on the user's privileges on that machine. Microsoft has issued a security patch for Internet Explorer that will prevent the worm from executing. This patch, and information regarding it, may be obtained from Microsoft's web site.


    Virus Databases Virus Links
    Virus Research Submitting a Virus




    Test
    Drives
    Year
    2000
    Site
    Map
    Customer
    Service
    Press
    Room
    Awards/
    Reviews
    Global
    Resellers

     Home


    Command Software, Inc. Command Software Systems, Inc.
    1061 East Indiantown Road · Suite 500
    Jupiter · FL   33477
    Phone: (561) 575-3200