VBS.BubbleBoy is a worm that works under Windows 98 and Windows 2000. The worm also works under Windows 95, but only if the Windows Scripting Host is installed. The worm only works with the English and Spanish versions of these operating systems, and does not work under Windows NT.
The computer must use Microsoft Outlook (or Express) with Internet Explorer 5 in order for the worm to propagate.
The worm utilizes a known security hole in Microsoft Outlook/IE5 to insert a script file, Update.hta, when the email is viewed. It is not necessary to detach and run an attachment.
Update.hta is placed in the StartUp folder. Therefore, the infection routine is not executed until the next time you start your computer. Update.hta is a script file that uses MS Outlook to send the worm email message to everyone in the MS Outlook address book.
Patching the known security hole in Microsoft Outlook/IE5, prevents the worm from propagating. For further information regarding the security hole, please read the following Microsoft article:
Microsoft has provided a patch to fix this problem at http://www.microsoft.com/technet/security/bulletin/ms99-032.asp
The worm will not propagate if IE5 Internet security settings have been set to "High."
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.