From: | dbuehrer@****.org dbuehrer@****.org |
---|---|
Subject: | [GridSec] Email Virus Warning |
Date: | Thu, 11 Nov 1999 09:36:52 -0700 |
Win98, IE5, and Outlook (or Outlook Express). But still... <shrug>.
----
http://www.mcafee.com/viruses/bubbleboy/
VBS/Bubbleboy is a new Internet worm, discovered 11/08/99. AVERT has
assigned it a LOW risk assessment; it has not appeared in the wild.
VBS/Bubbleboy is a NEW type of worm: Unlike previous worms transmitted
through email, this new type of worm does not come as an executable
attachment. Instead, VBS/Bubbleboy infects PCs as soon as the transmitting
email message is opened. This is a VERY significant innovation! In the
past, it was not possible to contract a virus or worm merely by opening and
reading an email message. This is no longer true, and VBS/Bubbleboy marks
the beginning of a more dangerous computing environment.
VBS/Bubbleboy is transmitted through an email message with the subject
heading "Bubbleboy is back!" It will ONLY infect PCs running Windows 98
with Internet Explorer 5 and Outlook or Outlook Express. PCs using Outlook
are infected upon opening the email message, while Outlook Express users
may be infected by viewing the message with Outlook Express's "Preview
Pane" feature! When the email is opened, the worm creates a file called
UPDATE.HTA. The next time the PC is booted up, the worm sends itself
embedded in an email to EVERY address in EVERY MS Outlook address book on
the local system. It does this only once.
----
-Graht
Your friendly neighborhood ShadowRN GridSec Assistant
--
Other GridSec Assistants
-Dvixen <dvixen@****.com>
-Gurth <gurth@******.nl>
-Marc Renouf <renouf@********.com>
ShadowRN Admin
-Adam Jury <adamj@*********.HTML.COM>
ShadowRN Owner
-Mark Imbriaco <mark@*********.html.com, mark.imbriaco@*****.com>
ShadowRN FAQ
http://shadowrun.html.com/hlair/showfaq.php3?title=shadowrn&faqlistúqsrn