Monday, November 15, 1999 Published at 11:00 GMT
E-mail security bubble bursts
Just viewing the e-mail activates the virus
A dangerous new type of e-mail virus emerged on Tuesday which reveals the potential to wreak havoc on computers by simply looking at an e-mail.
The virus is called BubbleBoy and was e-mailed to researchers at Network Associates, a US computer security company.
"This ushers in the next evolution in viruses. It breaks one of the long-standing rules that you have to open an e-mail attachment to become infected," said Network Associates spokesman Sal Viveros. "That's all changed now."
The researchers believed its threat is so serious that they notified the FBI, said Vincent Gullotto, director of the company's virus detection team. "This could be a watershed," he said.
Graham Cluley of Sophos Antivirus told BBC News Online: "BubbleBoy does not have a deliberate destructive payload but does e-mail itself to everyone in your address book.
"The Melissa virus only mailed the first 50 addresses and that traffic caused some companies to shut down their servers, losing business and real money."
Bubbleboy is not yet "in the wild" but it shows how easily a more destructive virus, which steals personal information or erases a hard disk, could enter a computer.
Mr Cluley said that if people had not patched Internet Explorer security holes or did not have up-to-date antivirus software, then BubbleBoy was unstoppable - if you see the e-mail in your inbox, then you are already infected.
Antivirus companies have been rushing to post upgrades to their software on their websites.
Don't even look
The virus affects computers running Microsoft's Windows 98, the web browser Internet Explorer 5.0 and the e-mail programs Outlook or Outlook Express. Some versions of Windows 95 are also affected but not Windows NT or Netscape programs.
Bubbleboy only requires that the e-mail be previewed on the inbox screen. As soon as this is done the virus infects the computer.
This happens because Outlook, and other programs like Eudora, convert any HTML code into formatted text. This action allows other code to be run, in this case releasing the virus.
The HTML conversion should not allow a virus to enter but two security holes in Internet Explorer, known since August, left a door open for hackers.
Mr Cluley said: "Microsoft has seriously goofed up again."
He said people should plug the holes with a Microsoft patch available on the web. They could then continue using MS software but avoid future exploitation of these holes by hackers,
A more straightforward way of avoiding BubbleBoy is to set Internet Explorer's security to High for the internet zone.
Bubbleboy is named after an episode of US comedy show Seinfeld and is just five kbytes in size. The email carrying it has the subject text "BubbleBoy is back!"