Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education

Front Page



UK Politics







Talking Point

In Depth

On Air

Low Graphics

Monday, November 15, 1999 Published at 11:00 GMT


E-mail security bubble bursts

Just viewing the e-mail activates the virus

A dangerous new type of e-mail virus emerged on Tuesday which reveals the potential to wreak havoc on computers by simply looking at an e-mail.

The virus is called BubbleBoy and was e-mailed to researchers at Network Associates, a US computer security company.

"This ushers in the next evolution in viruses. It breaks one of the long-standing rules that you have to open an e-mail attachment to become infected," said Network Associates spokesman Sal Viveros. "That's all changed now."

The researchers believed its threat is so serious that they notified the FBI, said Vincent Gullotto, director of the company's virus detection team. "This could be a watershed," he said.

Financial implications

Graham Cluley of Sophos Antivirus told BBC News Online: "BubbleBoy does not have a deliberate destructive payload but does e-mail itself to everyone in your address book.

"The Melissa virus only mailed the first 50 addresses and that traffic caused some companies to shut down their servers, losing business and real money."

Bubbleboy is not yet "in the wild" but it shows how easily a more destructive virus, which steals personal information or erases a hard disk, could enter a computer.

Mr Cluley said that if people had not patched Internet Explorer security holes or did not have up-to-date antivirus software, then BubbleBoy was unstoppable - if you see the e-mail in your inbox, then you are already infected.

Antivirus companies have been rushing to post upgrades to their software on their websites.

Don't even look

The virus affects computers running Microsoft's Windows 98, the web browser Internet Explorer 5.0 and the e-mail programs Outlook or Outlook Express. Some versions of Windows 95 are also affected but not Windows NT or Netscape programs.

Bubbleboy only requires that the e-mail be previewed on the inbox screen. As soon as this is done the virus infects the computer.

This happens because Outlook, and other programs like Eudora, convert any HTML code into formatted text. This action allows other code to be run, in this case releasing the virus.

The HTML conversion should not allow a virus to enter but two security holes in Internet Explorer, known since August, left a door open for hackers.

Microsoft "goof"

Mr Cluley said: "Microsoft has seriously goofed up again."

He said people should plug the holes with a Microsoft patch available on the web. They could then continue using MS software but avoid future exploitation of these holes by hackers,

A more straightforward way of avoiding BubbleBoy is to set Internet Explorer's security to High for the internet zone.

Bubbleboy is named after an episode of US comedy show Seinfeld and is just five kbytes in size. The email carrying it has the subject text "BubbleBoy is back!"

Advanced options | Search tips

Back to top | BBC News Home | BBC Homepage | ©

Sci/Tech Contents

Relevant Stories

03 Aug 99 | Sci/Tech
New virus spills your beans

13 Jul 99 | Sci/Tech
Back Orifice is child's play, say virus firms

15 Jun 99 | Sci/Tech
Computer virus takes its toll

28 Apr 99 | Sci/Tech
Chernobyl virus causes Asian meltdown

30 Mar 99 | Sci/Tech
Melissa virus goes global

Internet Links

Sophos: BubbleBoy

Network Associates: BubbleBoy

Microsoft Internet Explorer security hole

Microsoft Internet Explorer security hole patch

The BBC is not responsible for the content of external internet sites.

In this section

World's smallest transistor

Scientists join forces to study Arctic ozone

Mathematicians crack big puzzle

From Business
The growing threat of internet fraud

Who watches the pilots?

From Health
Cold 'cure' comes one step closer