BubbleBoy: a New Generation of Internet-Based Malicious Code

10 November 1999

The antidote is already discovered

Cambridge, UK, November 10, 1999 - Kaspersky Lab Int., an international anti-virus software vendor, reports the discovery of a new generation of Internet-based malicious code that constitutes a real danger to all computer users and corporate networks. I-Worm.BubbleBoy is the first Internet-worm able to spread through e-mail without using attachments. This means that the worm can penetrate a system as soon as the infected message has been read.

All previously known Internet-worms spread in the same way, by sending themselves as attachments to e-mail messages. BubbleBoy penetrates a system as soon as an infected message has been read and sends itself to the e-mail addresses in the MS Outlook address book without the user even noticing.

"At this moment we have not received reports of cases of mass infection by this Internet-worm. However, we should warn all computer users to take all needed precautions in order to avoid the worm's further spreading," said Eugene Kaspersky, head of anti-virus research at Kaspersky Lab.

Infection Indications

An infection by BubbleBoy can be recognised as follows. The worm marks its presence by adding these records to the system registry:

HKEY_LOCAL_MACHINE\Software\OUTLOOK.BubbleBoy\ = OUTLOOK.Bubbleboy 1.0 by Zulu

or (depending on the version of the worm)

HKEY_LOCAL_MACHINE\Software\OUTLOOK.BubbleBoy\ = OUTLOOK.Bubbleboy 1.1 by Zulu

as well as

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner = Bubbleboy

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization = Vandelay Industries
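
The registry markers listed above can be checked offline against a text export of the registry (REGEDIT4 .reg format). The following is an added example, not code from Kaspersky Lab; the function names and the sample export are constructed for illustration, and it assumes the trailing-backslash entries above refer to the key's default value.

```python
import re

# Indicators taken from the "Infection Indications" list on this page.
# "@" is .reg notation for a key's default value (assumption: the page's
# trailing-backslash entries refer to that key's default value).
HKLM = "HKEY_LOCAL_MACHINE"
INDICATORS = [
    (HKLM + r"\Software\OUTLOOK.BubbleBoy", "@", "OUTLOOK.Bubbleboy 1.0 by Zulu"),
    (HKLM + r"\Software\OUTLOOK.BubbleBoy", "@", "OUTLOOK.Bubbleboy 1.1 by Zulu"),
    (HKLM + r"\Software\Microsoft\Windows\CurrentVersion", "RegisteredOwner", "Bubbleboy"),
    (HKLM + r"\Software\Microsoft\Windows\CurrentVersion", "RegisteredOrganization", "Vandelay Industries"),
]

# String values only: @="data" or "name"="data", with \" and \\ escapes.
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*"((?:[^"\\]|\\.)*)"\s*$')
_ESCAPE = re.compile(r"\\(.)")

def parse_reg_export(text):
    """Map (key, value name), both lower-cased, to string data from a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\").lower()
        elif key and (m := _VALUE.match(line)):
            name = "@" if m.group(1) == "@" else _ESCAPE.sub(r"\1", m.group(1)[1:-1])
            values[(key, name.lower())] = _ESCAPE.sub(r"\1", m.group(2))
    return values

def find_bubbleboy_indicators(text):
    """Return the page's indicators found in the export (registry names are case-insensitive)."""
    values = parse_reg_export(text)
    return [f"{k}\\{n} = {d}" for k, n, d in INDICATORS
            if values.get((k.lower(), n.lower()), "").lower() == d.lower()]

# Constructed sample export (not real data) of a machine showing the 1.1 markers.
SAMPLE_INFECTED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\OUTLOOK.BubbleBoy]
@="OUTLOOK.Bubbleboy 1.1 by Zulu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"RegisteredOwner"="Bubbleboy"
"RegisteredOrganization"="Vandelay Industries"
'''

if __name__ == "__main__":
    for hit in find_bubbleboy_indicators(SAMPLE_INFECTED):
        print("indicator present:", hit)
```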

Infection Prevention

To ensure a 100% security level against possible attacks by the BubbleBoy worm, you should follow one of these steps:

  1. Install the update from Microsoft that eliminates the "Scriptlet.Typelib" security vulnerability. The update can be obtained at http://support.microsoft.com/support/kb/articles/Q240/3/08.ASP
  2. If you do not use any HTML applications (HTA files), you can secure your system by removing the file association for the .HTA extension. To do so, follow these steps:
    • Double-click the "My Computer" icon on the desktop;
    • In the window that appears, choose the "View" menu, then "Options...";
    • On the "File Types" tab, select the "HTML Application" item in the "Registered file types" listbox;
    • Click the "Remove" button and confirm the action;
    • Close the options dialog box.

Technical Details


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
