Original Sender : "Hadi Wijaja" <[EMAIL PROTECTED]>
---------------------------------
> > From:
> > E-News: AntiVirus / AV-alert Newsletter
> > from Computer Associates
> > Version 99.18 | November 9, 1999,
> > ==============================================
> > VBS/BubbleBoy 1.0
> > ==============================================
> >
> > VBS/BubbleBoy is a worm spreading through Outlook
> > e-mail. It can be seen as "proof-of-concept" worm.
> > It is the first known worm to activate without the
> > need to open an attachment from a mail.
> >
> > VBS/BubbleBoy is sent as an HTML e-mail with the
> > subject line "BubbleBoy is back!". The HTML page
> > contains hidden (embedded) Visual Basic Script code
> > that will be executed without prompting the user if
> > the Internet Explorer 5 security settings are set
> > to medium or low.
> >
> > It uses a known Internet Explorer 5 exploit to write
> > parts of its code ("update.hta") in the Windows
> > startup directory. At the next system start the code
> > will be executed.
> >
> > The routines require a special environment (e.g. the
> > "WScript.Shell" object from the Windows Scripting
> > Host must be accessible) to run properly. The Windows
> > Scripting Host is part of Windows 98 but may be installed
> > as an external update on other Windows versions as well.
> > Additionally the worm is not compatible to all language
> > specific versions of Windows.
> >
> > The mass mailing feature of this worm is comparable
> > to the mass mailing functionality found in the Melissa
> > virus family. First the worm changes the registered owner
> > to "BubbleBoy" and the registered organization to
> > "Vandelay Industries". Afterwards the worm reads the
> > registry key "HKEY_LOCAL_MACHINE\Software\OUTLOOK.BubbleBoy\"
> > and compares the contents with "OUTLOOK.BubbleBoy 1.0 by
> > Zulu". If this string is not found, the mass mailing code
> > will be executed.
> >
> > The worm will create a message to all entries in the
> > Outlook address book of the attacked user. The subject
> > line of the message is
> >
> > "BubbleBoy is back!"
> >
> > The message body (HTML) contains the title "BubbleBoy is
> > back!" and the text
> >
> > "The BubbleBoy incident, pictures and sounds".
> >
> > The body also contains a link to a Web page. Finally the
> > virus sets a flag to delete the message, after it has been
> > submitted.
> >
> > There is no additional payload in this worm.
> >
> > -------
> > AFLHI 058009990407128029/089802---(102598//991024)
>
>
> ------------------------------------------------------------------------
> A shopper's dream come true! Find practically anything on earth at eBay!
> Come and browse the more than 2 million items up for bid at any time.
> You never know what you might find at eBay!
> http://clickhere.egroups.com/click/1140
>
>
> eGroups.com home: http://www.egroups.com/group/unipa
> http://www.egroups.com - Simplifying group communications
>
>
>
>
----------------------------------------------------------------
Compu-Mania MailingList is provided by PT Centrin Utama
Maintained by : [EMAIL PROTECTED]
To Post a msg : Send mail to [EMAIL PROTECTED]
To Unsubscribe : Mail to [EMAIL PROTECTED]
BODY : unsubscribe Compu-Mania
For more information, send mail to [EMAIL PROTECTED]
with "HELP" in the BODY of your mail (without quote).
----------------------------------------------------------------
