By Ron Harris, Associated Press, 11/09/99
SAN FRANCISCO - A dangerous new type of e-mail virus emerged on Tuesday, able to destroy information on computers even when users are careful not to fully open the messages.
|
Network Associates, on the Web @ www.nai.com, has posted information on the virus.
A software patch created to protect against the virus is available for free at www.mcafee.com.
In a Virus Alert, Networks Associates explains that 'Bubbleboy' is not executed as a plain text message. Rather, it is an HTML file which contains a program written in Visual Basic script, VB Script.
Mail clients such as Microsoft's Outlook Express and Lotus Notes are susceptible because they have interpreters that recognize HTML code and Visual Basic.
When the virus program appears in a preview pane of the e-mail client, the virus script is interpreted and executed.
(Boston.com Staff)
|
|
|
|
The virus, nicknamed "Bubbleboy'' after an episode of the TV show "Seinfeld,'' was e-mailed late Monday to researchers at Network Associates, a computer security company in Santa Clara. The company put a free software patch capable of blocking the attack on their Web site Tuesday.
"This ushers in the next evolution in viruses. It breaks one of the long-standing rules that you have to open an e-mail attachment to become infected,'' said Network Associates spokesman Sal Viveros. "That's all changed now.''
The company isn't certain who sent the virus, but researchers believed its threat is so serious that they notified the FBI on Tuesday, said Vincent Gullotto, director of the company's virus detection team.
"It could basically disable your PC easily,'' Gullotto said. "This could be a watershed.''
The virus sent Monday night was more playful than destructive as it wormed its way through a computer's hard drive, renaming the computer's registered owner as "Bubbleboy'' and making other references to "Seinfeld.'' It also takes every address in a computer's e-mail program and passes the virus along.
The same technology, when paired with previously known malicious commands, could be used to steal personal information or erase a computer's hard drive entirely - attacks that, given the history of hacker culture, Gullotto believes could appear within two to three months.
"This could be the catalyst,'' Gullotto said. "While the Melissa virus was 'hell coming to dinner,' we have reassessed that and know that something bigger, meaner and nastier is on it's way.''
The Melissa computer virus clogged e-mail systems around the world when it hit in March, but many computer users were able to avoid trouble by deleting the e-mails without reading them. Like other e-mail viruses, Melissa wreaked havoc only after users double-clicked an attachment to the seemingly benign messages.
"Bubbleboy'' only requires that the e-mail be previewed on the Inbox screen of Microsoft's Outlook Express, a popular e-mail program. As soon as the e-mail is highlighted, without so much as a click of a mouse, it infects the computer.
The virus affects computers with Windows 98 and some versions of Windows 95 that also use Microsoft's Internet Explorer 5.0 and Outlook Express Web browser and e-mail programs. It apparently does not affect Netscape's e-mail programs, Gullotto said.
Even without Network Associates' software patch, there is an easy fix. Enabling Microsoft's highest-security filter will block such e-mails and keep the virus from entering.
Bill Pollak, a spokesman for the Computer Emergency Response Team at Carnegie Mellon University, said his researchers would be looking out for the new type of virus.
Researchers believe the virus, which appears as a black screen with the words "The Bubbleboy incident, pictures and sounds'' in white letters, was sent by the same person who created another virus in July - "Freelink'' - which forwarded e-mail with links to pornographic Web sites to stolen e-mail addresses.
