Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

New Bubble Boy Virus: Real Story and Fix:

0 views
Skip to first unread message

Les Stewart

unread,
Nov 10, 1999, 3:00:00 AM11/10/99
to
Here is an excerpt from a newsletter I subscribe to:
--
Les Stewart
Beaumont, Texas
ste...@ih2000naespam.net remove naespam

=============

Yadda yadda yadda. Ignore the hysteria, folks -- here is what is
*REALLY* going on. There is a significant security hole in Microsoft
Windows 98 (and later versions of 95) that could conceivably give some
nefarious netizen the ability to do ANYTHING to your computer -- like
erase your files, format your hard drive, and so on. Because
Microsoft's products are so closely integrated, this security hole
affects anyone who uses Microsoft Internet Explorer 4 or 5 ... and,
from what I can gather, it also affects anyone who uses Microsoft
Outlook or Outlook Express.

"Bubbleboy" takes advantage of this well-known security hole.

Now for the good news: Microsoft released a software patch that fixed
this hole way back on August 31st! As long as you install the patch,
you have nothing to worry about. Bubbleboy will NOT get you!

Here is how to download and install the patch:

1. Go to Start --> Settings --> Windows Update on your PC. This
launches Internet Explorer and connects you to Microsoft's
Windows Update page [ http://windowsupdate.microsoft.com/ ]

2. On the left-hand side of the page, click on the "Product
Updates" link (it is the one with the hand and the red *)

3. A pop-up window will appear, telling you to wait while your
computer DOESN'T send any information to Microsoft (well,
that's what it says!)

4. Eventually, you'll see a page that says "Select Software."
When Microsoft releases an essential update or patch, they put
it in this page's "Critical Updates" section. So, click on
EVERYTHING in the "Critical Updates" section and then click on
the big, grey "Download" arrow in the top right hand corner of
the page. [The file that fixes the Bubbleboy security hole is
called "Update for Security Vulnerabilities in
'Scriptlet.typlib' and 'Eyedog' ActiveX Controls," but you
might as well download ALL of Microsoft's critical updates
while you're at it -- it is better to be safe than sorry.]

5. Follow the on-screen prompts. That's it! :)

You can also download the patch directly from Microsoft at

<A HREF="http://www.microsoft.com/security/Bulletins/ms99-032.asp">
http://www.microsoft.com/security/Bulletins/ms99-032.asp </A>

but the Windows Update method is a heck of a lot easier!

What about Reuters' warning that "[r]esearchers have discovered what
they believe to be the first e-mail-borne computer infection that
doesn't require a user to open an e-mail or e-mail attachment for it
to wreak havoc?" Should you panic? Of course not. This too shall
pass. Take a deep breath, and then download and install the security
patch. Problem solved. :)

Online at http://www.TOURBUS.com
=================

Spuddie

unread,
Nov 10, 1999, 3:00:00 AM11/10/99
to
On Wed, 10 Nov 1999 08:24:01 -0600, "Les Stewart"
<ste...@ih2000naespam.net> kerlarping in the noonday sun, spabbled:


>Here is an excerpt from a newsletter I subscribe to:

<snipt>

>Microsoft's products are so closely integrated, this security hole

>affects anyone who uses Microsoft Internet Explorer 4 or 5 . ... and,


>from what I can gather, it also affects anyone who uses Microsoft
>Outlook or Outlook Express.

Another good reason to "just say no..." LOL

Cheryl, who shall remain patchless...;)

~~~In heaven there is no beer, that's why we drink it here
And when we're gone from here
Our friends will be drinkin' all the beer!~~~

Frank

unread,
Nov 10, 1999, 3:00:00 AM11/10/99
to
On Wed, 10 Nov 1999 17:38:41 GMT, spu...@slainte.fishnet
(Spuddie) said something like this:

>On Wed, 10 Nov 1999 08:24:01 -0600, "Les Stewart"
><ste...@ih2000naespam.net> kerlarping in the noonday sun, spabbled:
>
>
>>Here is an excerpt from a newsletter I subscribe to:
>
><snipt>
>
>>Microsoft's products are so closely integrated, this security hole
>>affects anyone who uses Microsoft Internet Explorer 4 or 5 . ... and,
>>from what I can gather, it also affects anyone who uses Microsoft
>>Outlook or Outlook Express.
>
>Another good reason to "just say no..." LOL
>
>Cheryl, who shall remain patchless...;)

Bill's browser just isn't for me.
I don't use his Outlook to see
The news or send mail;
Untroubled I sail,
Just a Gruntled Geezer, that's me.

Frank
--
(remove 2 to reply)

Frank

unread,
Nov 10, 1999, 3:00:00 AM11/10/99
to
On Wed, 10 Nov 1999 08:24:01 -0600, "Les Stewart"
<ste...@ih2000naespam.net> said something like this:

>Here is an excerpt from a newsletter I subscribe to:

*** snipped ***

Nice job, Les, for those who need the info.

Alright... you were NOT pictured in that last illustrated
limerick. LOL

Spuddie

unread,
Nov 11, 1999, 3:00:00 AM11/11/99
to
On Wed, 10 Nov 1999 18:26:47 GMT, faz...@earthlink2.net (Frank)
replacing the dottle in their bottle, slurred:


>>Another good reason to "just say no..." LOL
>>
>>Cheryl, who shall remain patchless...;)
>
>Bill's browser just isn't for me.
>I don't use his Outlook to see
> The news or send mail;
> Untroubled I sail,
>Just a Gruntled Geezer, that's me.

>Frank

I looked at your verse and I thought,
"Has the limerick bug bitten, or not?"
I hemmed and I hawed
I screeched and I clawed
Do I shit, or do I get off the pot??

:^)

Cheryl
~~~No snowflake in an avalanche ever feels responsible.~~~
(George Burns)

Les Stewart

unread,
Nov 12, 1999, 3:00:00 AM11/12/99
to

Frank wrote

> Bill's browser just isn't for me.
> I don't use his Outlook to see
> The news or send mail;
> Untroubled I sail,
> Just a Gruntled Geezer, that's me.
>
> Frank

Safe...hmmm...are you sure?
From B-Boy and his lure.
Read on McDuff
The following stuff
'Bout this new bug de jour


--
Les Stewart
Beaumont, Texas

ste...@ih2000naespam.com (remove naespam)

-------------------------

PC's Take on Bubbleboy

<SNIP>

Anyway, here is my analogy for the recent Bubbleboy virus scare.

Imagine if the media discovered that millions of people around the
world were leaving the doors to their houses wide open. The media
would absolutely PANIC. TV reporters and newspaper journalists would
breathlessly warn you that

YOU AND YOUR FAMILY ARE IN GRAVE DANGER! Because of open doors,
thieves can enter your house and steal all your possessions right
from under your nose! Gypsies can enter your home through these
same open doors and steal your children in the middle of the
night! And don't forget about the killer bees! For years we
have told you that you only have to worry about killer bee
attacks when you are outside, but this changes EVERYTHING!
Killer bees can be swarming down your street, see your open
door, swarm into your bedroom, and turn you and your loved ones
into human pin cushions! No one's bedroom is safe!!

OH THE HUMANITY!!!!

It is a shame that the media did not grow up in *MY* house, because
they could have learned a lot from my father. My dad, the Rev. Bob
"Bob" Crispen, taught me a great many things, but there was one piece
of advice he shared with me over and over again. That advice changed
my life forever. You ready for this? Here ya' go: SHUT THE DAMNED
DOOR!!

What does this have to do with the Bubbleboy worm? Well, there is an
inadvertent 'open door' in the Windows operating system that *COULD*
conceivably make your computer vulnerable to outside attack. In
specific, a mean spirited hacker *COULD* 'walk through' this open door
on your Windows PC and read any file on your computer, delete specific
files or programs, or even completely erase your hard drive.
Bubbleboy is the first virus [actually it is a worm] that takes
advantage of this open door.

The important thing to remember is that like our mythical bedroom-
inhabiting killer bees, Bubbleboy really ISN'T the problem. The
problem is the open door! Close the open door to your house and you
won't have to worry about killer bees in your bedroom; close the open
door in Windows and you won't have to worry about Bubbleboy (or its
ilk) causing damage to your computer. [It is amazing that the media
doesn't seem to understand this.]

As I mentioned in my last TOURBUS post, Microsoft released a software
patch in late August that closes this open door in Windows. The patch


is called "Update for Security Vulnerabilities in 'Scriptlet.typlib'

and 'Eyedog' ActiveX Controls," and you can download it from Microsoft
by either running Windows Update -- step-by-step instructions on how
to do this can be found in my last TOURBUS post at
http://listserv.aol.com/cgi-bin/wa?A2=ind9911B&L=tourbus&P=R249&m=101
-- or by downloading the patch directly from Microsoft at

<A HREF="http://www.microsoft.com/security/Bulletins/ms99-032.asp">
http://www.microsoft.com/security/Bulletins/ms99-032.asp </A>.

----------------------------------------------
Who is affected by this so-called 'Open Door?'
----------------------------------------------

Technically, this open door affects everyone who uses Microsoft
Internet Explorer 4.X or 5.X on a PC. However, since Internet
Explorer is so closely integrated into the Windows operating system,
the truth is that *EVERYONE* who uses Windows 98 or 2000 is affected,
even if you don't ever use Internet Explorer.

----------------------------------------------------
Does this 'Open Door' affect Windows 95 or NT users?
----------------------------------------------------

I think so, but I honestly don't know. From what I can gather from
Microsoft, it does. [That download page I mentioned a few moments ago
offers patches for "Microsoft Windows 95 and 98" as well as "Microsoft
Windows NT."].

---------------------------------------
Does this 'Open Door' affect Mac users?
---------------------------------------

Nope. This open door is in the Windows operating system, so it only
affects Windows users. [Chalk one up for 'thinking differently!']

---------------------------------------------------------------------
I read in the media that Bubbleboy only affects Microsoft Outlook and
Outlook Express! I don't use Outlook or Outlook express. Is my
system safe?
---------------------------------------------------------------------

NO! Remember, the problem isn't the bees in the bedroom (Bubbleboy)
it is the open door that let the bees into the bedroom in the first
place (the "open door" in Windows). Bubbleboy is a worm that uses
Outlook or Outlook express to walk through the open door in Windows
and to conceivably do bad things to your system. Even if you don't
use Outlook or Outlook express, you still remain vulnerable because
the door remains open. Bubbleboy may not get you, but the next worm
might. The ONLY way to protect yourself from both Bubbleboy and
future attacks is to CLOSE THE DOOR by downloading and installing the
software patch from Microsoft.

------------------------------------------------------------------
I use Microsoft Outlook on a Mac. Should I worry about Bubbleboy?
------------------------------------------------------------------

Nope. Bubbleboy takes advantage of an open door in Windows. Since
Macs don't have this open door, Bubbleboy poses no threat to your
Mac.

----------------------------------------------------------------------
Do I really have to download and install this software patch? Can't I
just update my virus definitions instead?
----------------------------------------------------------------------

You really have to download and install the software patch. Updating
your virus definitions may protect you from Bubbleboy, but it will do
nothing about the open door in Windows. To protect yourself from the
open door, you're going to have to close it by downloading and
installing the software patch from Microsoft.

--------------------------------------------------------------------
I Ran Windows Update, But I Didn't See The "Update for Security


Vulnerabilities in 'Scriptlet.typlib' and 'Eyedog' ActiveX Controls"

File In The Critical Updates! What Should I Do?
--------------------------------------------------------------------

Run Windows Update again. Once you get to the "Select Software" page,
click on the "Installation History" button at the top of the screen.
When the history finally loads, look for

Update for Security Vulnerabilities in "Scriptlet.typlib" and

"Eyedog" ActiveX Controls (version 5,0,2720,2700) was
successfully installed.

If you see that somewhere on the page, you have already installed the
security patch. If you don't see that, keep reading ...

---------------------------------------------------------------------
I Tried to Run Windows Update, But It Didn't Work! What Should I Do?
---------------------------------------------------------------------

Download the security patch directly from Microsoft at

<A HREF="http://www.microsoft.com/security/Bulletins/ms99-032.asp">
http://www.microsoft.com/security/Bulletins/ms99-032.asp </A>.

----------------------------------------------------------------------
Killer bees in the bedroom? Patrick, you REALLY need to get out more!
----------------------------------------------------------------------

You're telling me?! :P

To sum up, don't worry about Bubbleboy ... worry about the open door!
If you download the software patch from Microsoft, you will protect
yourself from Bubbleboy and its progeny. [Bubbleboy is rather
innocuous -- it doesn't really do any terrible damage to your
computer. New strains of Bubbleboy may not be so kind. Until you
close the open door in Windows, you'll be vulnerable.]

I hope this helped. :)

TODAY'S TOURBUS STOP(S):
PC's Take On Bubbleboy
TODAY'S TOURBUS ADDRESS(ES):
http://www.microsoft.com/security/Bulletins/ms99-032.asp

=====================[ Tourbus Rider Information ]===================
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
Copyright 1995-99, Rankin & Crispen - All rights reserved
Archives on the Web at http://www.TOURBUS.com

Join: Send SUBSCRIBE TOURBUS Your Name to LIST...@LISTSERV.AOL.COM


Patrick Douglas Crispen

Ian

unread,
Nov 12, 1999, 3:00:00 AM11/12/99
to
Days: 49

On Wednesday, in article <382fad21...@news.uswest.net>
spu...@slainte.net "Spuddie" wrote:

S:"On Wed, 10 Nov 1999 08:24:01 -0600, "Les Stewart"
S:"<ste...@ih2000naespam.net> kerlarping in the noonday sun, spabbled:
S:"
S:"
S:">Here is an excerpt from a newsletter I subscribe to:
S:"
S:"<snipt>
S:"
S:">Microsoft's products are so closely integrated, this security hole
S:">affects anyone who uses Microsoft Internet Explorer 4 or 5 . ... and,
S:">from what I can gather, it also affects anyone who uses Microsoft
S:">Outlook or Outlook Express.
S:"
S:"Another good reason to "just say no..." LOL
S:"
S:"Cheryl, who shall remain patchless...;)
S:"
Below is a message from Our Beloved President (Heavenly choir:
Hallelujah!
Hallelujah!) about this: it's all Greek to me but it might be of use
to Windows users so I post it for what it's worht...

snip header>-
> From: "Jeffrey D. Lacoursiere" <laco...@fastlane.net>
> To: subsc...@fastlane.net
> Subject: VIRUS ALERT - from FastLane
>
>
> Dear FastLane Subscriber,
>
> You may have heard that a new kind of virus can infect your computer
> through email, even if you don't read the message containing the virus.
>
> This is partly true. If you have Preview turned on in Outlook Express, the
> "Bubbleboy" worm virus can get into your computer (PC, not Mac) and attach
> itself to all your outgoing email.
>
> To prevent this, turn off the Preview function in Outlook Express:
>
> 1. Open Outlook Express.
>
> 2. Click on View.
>
> 3. In the View menu, click on Layout...
>
> 4. In the Window Layout Properties, take the check mark OFF "Show preview
> pane." This is in the lower half of the window, below the line labeled
> Preview Pane. When you take the check mark off, the other preview pane
> settings become grayed out.
>
> 5. Click OK.
>
> You are now safe from the Bubbleboy virus and any other virus that uses
> the preview pane.
>
> Learning about viruses
> ----------------------
>
> These sites tell about viruses and how to prevent them. They also tell
> about virus hoaxes, which do almost as much harm as the viruses
> themselves.
>
> If someone mails you a warning about a virus, LOOK IT UP HERE FIRST:
> http://ciac.llnl.gov/ciac/CIACHoaxes.html
>
> This page has lots of information, and says "...Be especially alert if the
> warning urges you to pass it on to your friends. This should raise a red
> flag that the warning may be a hoax."
>
> Check here for information on real viruses, hoaxes, and urban legends:
> http://kumite.com/myths/myths/
>
> You can also find some good information at the International Computer
> Security Association's page. This is an organization of anti-virus
> software companies: http://www.icsa.net/services/consortia/anti-virus/
>
> If you have any questions please feel free to email he...@fastlane.net.
>
> Thanks!
>
> --FastLane Tech Support
>
>
>


--
Ian Ft Worth, TX
Change sum1 to rocker to Reply by e-mail


Frank

unread,
Nov 12, 1999, 3:00:00 AM11/12/99
to
On Fri, 12 Nov 1999 06:23:30 -0600, "Les Stewart"

<ste...@ih2000naespam.net> said something like this:

>


>Frank wrote
>> Bill's browser just isn't for me.
>> I don't use his Outlook to see
>> The news or send mail;
>> Untroubled I sail,
>> Just a Gruntled Geezer, that's me.
>>
>> Frank
>
>Safe...hmmm...are you sure?
>From B-Boy and his lure.
> Read on McDuff
> The following stuff
>'Bout this new bug de jour
>
>--
>Les Stewart

Why Lester, you dawg, I declare,
I think you are trying to scare
This Netscape cruiser
And Eudora user;
I installed the patch with great care.

McDuff

0 new messages