What It Does
This Virus is not really a virus but a "worm" program. It does no malicious acts,
other than replicating itself and sending it self to everyone on the users Outlook and Outlook Express address book.
It then also proceeds to change the users Name and Organization info of the computer to
"BubbleBoy" and "Vandelay Industries" ( a reference to a Seinfeld episode).
What It Looks Like
The actual e-mail will come to a user's system with the
"from" line referring to the person who unintentionally sent it and the subject line: "BubbleBoy is back!"
The body of the e-mail, when opened, will contain a black screen and the text, "The BubbleBoy incident, pictures and sounds," along with an invalid URL ending in "bblboy.htm."
How to Prevent It
To infect a system, this Internet worm requires Internet Explorer 5 with
Windows Scripting Host installed, which is standard in Windows 98 and Windows 2000 installations.
It does not seem to run on Windows NT, at this time.
There is a patch, a fix, to this problem at Microsoft's website at http://windowsupdate.microsoft.com or at www.microsoft.com/security/Bulletins/ms99-032.asp
A more immediate solution is prevention before being infected. This virus currently only infects users running Microsoft Outlook and Outlook Express.
In Outlook, this worm requires that you "open" the email, and will not run if the email is viewed through the "Preview Pane."
In Outlook Express, however, the worm activates even if the email is only viewed through the "Preview Pane." Thus, if you receive an e-mail as described in the What it looks like section above, do NOT open or even preview it but simply RIGHT click on the email on the list and from the menu that pops up, choose delete.
Also, the major Virus software companies such as Norton and McAfee have no preventions to this new threat, but simply refer to the above mentioned address at Microsoft's webpage to install the patch.
