Select countryLysaker, November 09, 1999
A new malicious program was discovered by Norman's Virus Analysis Team 08 November.
This is the first malicious program which infects a user's PC by e-mail without having to open/run an e-mail attachment. Thus it contradicts the common belief that it was impossible to be infected just by opening the e-mail itself.
This is a so-called worm, and comes as an e-mail which appears to be legitimate. The e-mail's subject is "BubbleBoy is back!".
The worm, called VBS/Bubble, is dependant on Microsoft Outlook or Outlook Express as the e-mail client to be able to infect. It further requires that Internet Explorer version 5 is installed. Vulnerable operating systems are Windows 95 and Windows 98. Due to an error in the worm's program code it does not infect Windows NT.
When an e-mail with this worm is opened, it drops a file in Windows' Startup directory. Next time the PC is booted, the worm e-mails itself to all entries in Outlook's address book.
VBS/Bubble is not reported to be in the wild. The potential for spreading is probably high if it at a later time is released in the wild. One might also expect malicious program which utilize this technique to be found in the wild at a later time.
Norman's weekly virus detection release dated 10 November 1999 will detect this worm.
-------
Norman ASA is one of the world's leading companies within the field of data security. Norman offers high-quality products and services within the areas of risk analysis, virus control, access control, encryption and network security, data recovery and certified data erasure. Today, there are more than six millions users of Norman software. The company is represented by subsidiaries and strategic alliances in USA, Europe, Asia and Australia. Norman is headquartered at Lysaker outside Oslo, Norway.