This month marks the fourth anniversary of Bubbleboy, the first malicious code to run automatically -without user intervention- by exploiting a vulnerability in MS Outlook and MS Outlook Express. Since its appearance, numerous malicious codes have used this method of propagation. The most notorious examples include Klez.I and Bugbear, highlighting the risk that this kind of virus represents and the need for users to adopt adequate security measures.
VBS/BubbleBoy is written in VB Script and takes advantage of vulnerabilities in MS Outlook and MS Outlook Express to execute itself in systems using Windows Scripting Host (Windows 98, Windows 2000 and Windows 95 systems which have it installed) and Internet Explorer 5. This virulent code does not arrive in an attached file but instead runs automatically once the infected message is opened.
The emergence of Bubbleboy signified the beginning of an era in which security problems in widely-used programs are used to malicious ends. The main evidence of this has been the spread of viruses that exploit vulnerabilities. Leading exponents of this sinister practice include Klez.I and Bugbear, which take advantage of the vulnerability Exploit/iFrame in Internet Explorer which allows the automatic execution of files sent by e-mail. This has seen Bugbear become the top virus detected by Panda ActiveScan, the free online antivirus, during October, and Klez.I top the charts from April to September of this year.
To protect your computers from self-executing viruses, the following measures should be implemented:
As all of these viruses spread through e-mail, it is extremely important to treat messages received with caution:
Scan messages you receive with a reliable antivirus (which should be updated regularly).
Verify the sender and subject of the e-mail before opening them.
These malicious codes feed off vulnerabilities in older versions of programs even though developers have already announced the problem and released the corresponding patches. It is therefore important to regularly update your operating system and other frequently used applications.
For these viruses to execute, the Preview Pane option must be activated. If it is possible to deactivate this option, the risk of this infection can be mitigated.