The evolution of the virus continues it seems, and researchers are learning more about virus authors. For example, they appear to like Seinfeld. PC Week has this story regarding a new virus (actually a worm) that was e-mailed to several anti-virus companies. Ironically the companies think the virus may have been mailed in by the virus author to gain attention (guess it worked, huh?). The worm is named “BubbleBoy” in an apparent Seinfeld reference (the virus also makes a “Vandelay Industries” reference, another Seinfeld in-joke).
The virus is harmless from the standpoint that it doesn’t contain any purposely malicious code, or payload. Having said that, the worm replicates by sending itself to everyone in the target’s Outlook address book, so it sounds as though it could clog e-mail systems and cause other Melissa-like problems.
What makes the virus interesting (and frightening) is that, unlike other viruses, BubbleBoy does not require a file attachment be run in order to become active. The virus (which is a Visual Basic Script file) runs as soon as an e-mail is opened in Outlook or even (in the case of Outlook Express) shown in the preview pane. Needless to say, while BubbleBoy has no payload, if a virus author adapted BubbleBoy to do something malicious, the result could be the worst virus yet.
Having said that, the article implies that BubbleBoy could be using an exploit that has already been patched. Symantec is currently looking at BubbleBoy to determine if it uses an IE 5.0 security flaw for which Microsoft has already posted a patch. More to come, I’m sure…