Issued by National Computer Board (NCB) and the Singapore Computer Emergency Response Team (SingCERT) 1 A new kind of potentially virulent and fast-spreading computer virus that is triggered simply by opening an infected ...
Singapore, 12 November 1999 | For Immediate Release
Issued by National Computer Board (NCB) and the Singapore Computer Emergency Response Team (SingCERT)
1. A new kind of potentially virulent and fast-spreading computer virus that is triggered simply by opening an infected email message has been discovered on the Internet. The National Computer Board (NCB) and the Singapore Computer Emergency Response Team (SingCERT) are issuing this media alert to advise users of the necessary precautions to protect themselves against potential attacks by this new virus, dubbed BubbleBoy.
2. BubbleBoy is a worm-like virus that affects Windows 95/98/2000 operating systems that are running Microsoft Outlook with Internet Explorer. It does not affect Windows NT. The virus exploits a security loop-hole in Microsoft Outlook (or Outlook Express) with Internet Explorer 5. Unlike other viruses like Melissa, BubbleBoy is not found as an attachment. It is activated when the user opens the infected email in MS Outlook. However, in MS Outlook Express, the virus is activated even if "Preview Pane" is used. When Windows is next started up, the virus will run an unauthorised programme on the victim's computer, changing the sender's information to "BubbleBoy" and "Vandelay Industries", before emailing itself to every address book email in MS Outlook. If the security setting in Internet Explorer is set to High, the virus will not be activated.
3. A patch (http://www.microsoft.com) has been provided by Microsoft to address the problem. According to anti-virus vendors, the likelihood of occurrence is rare. So far the virus has been confined to laboratories of anti-virus vendors, and has not hit public users. Updated virus signature files can also be obtained from popular anti-virus software vendors.
4. SingCERT has not received any report of occurrence of the BubbleBoy virus. However, PC users are advised to take the necessary precautions to protect against virus attacks in general. Some healthy practices that users should observe regularly include:
i) Install anti-virus software and keep it up-to-date. Apply the latest available patches provided by anti-virus and IT vendors.
ii) Exercise caution in reading emails from unknown sources.
iii) Do not run attachments or downloads indiscriminately. Attachments delivered with emails are the most popular means of spreading viruses today. Users should also make sure that their Internet Mailer programmes such as Outlook, Messenger, do not automatically open attachments when reading emails. Downloads from sites that are not reputable should not be trusted.
iv) Do regular back-ups of important data files.
v) Turn on Microsoft Word's Macro Virus Protection.
vi) Subscribe to anti-virus mailing lists available from most of the major anti-virus vendors to get the latest alerts of new viruses.
vii) Make the Normal.dot file Read-only. Most macro viruses need to modify the Word file 'Normal.dot' in order to spread themselves among Word documents. By making this file Read-only, it cannot be modified.
5. SingCERT, set up by the NCB and the National University of Singapore (NUS), assists companies in handling computer incidents such as computer hacking and viruses. It regularly alerts and educates users about viruses on its web site at http://www.singcert.org.sg. Users can visit the SingCERT web site for more information on the protection measures against the BubbleBoy virus.
Issued by Corporate Communication Department
National Computer Board