|
|
||||||||||||||
|
|
VBS.Bubbleboy Name: VBS.Bubbleboy
Description:
VBS.Bubbleboy is an e-mail script worm that uses a vulnerability in English and Spanish versions of Internet Explorer 5.0, affecting Windows 98 and Windows 2000 systems. The worm is embedded in an e-mail message in HTML format - it is not an attachment. The worm can execute in Outlook Express while being previewed, prior to being opened. If using Microsoft Outlook, the worm requires that you open the mail message.
This virus is not in-the-wild. The risk is classified as low. Two variants have been
identified. Neither has a destructive payload. It is significant only because it is the
first infector to pose a risk without requiring the opening of an infected e-mail attachment,
but can execute during the preview function.
The worm is written in VBScript. When executed, it creates "UPDATE.HTA" in the Windows
startup directory. At the next system startup, the file will modify the registry to:
.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
|