Bubbleboy Poses New Security Threat

The Bubbleboy worm has returned with new implications for Outlook users.

Jerry Cochran

November 18, 1999

2 Min Read
ITPro Today logo in a gray background | ITPro Today

Yep, another security scare: Bubbleboy is on the loose. The situation is getting very tricky for Exchange administrators. First, we had to worry about opening attachments. Now, we have to be concerned if a message is just in our inbox. What's next? Will we have to turn off any usable features in Outlook to protect ourselves?

Although the Bubbleboy worm seems to have gotten everyone’s blood pressure up, how serious is this threat? One thing Bubbleboy does confirm is that you don't necessarily need to double-click an attachment to activate an email-born virus. Bubbleboy, however, does require several prerequisites to pose a potential threat: You must have Internet Explorer (IE) 5.0 with the Windows Scripting Host (WSH) installed, and you must be using Outlook or Outlook Express. In Windows 2000 (Win2K) and Windows 98, the WSH is part of the standard install. Windows NT Workstation 4.0 and Windows 95, However, don't have WSH as part of the standard install. Also, if you've set IE to high security or your Outlook setup uses restricted sites security, threats such as Bubbleboy will probably be impotent. Bubbleboy does give those of us who are using content filtering a good opportunity to try out the technology by scanning for "Bubbleboy is Back" in the subject line of messages coming into our gateways. For additional information on this email worm, click here. Also, be aware that one of the biggest problems is the panic created when these threats are discovered (the boost of sales for antivirus products is quite good). "We have nothing to fear but fear itself?"

On another subject, over the last couple of months, Microsoft has released Exchange Server 5.5 Service Pack 3 (SP3) and NT 4.0 SP6. Many readers have requested pointers to where they can get additional information on these service packs and their implications for Exchange Server. I provided an overview of the important new features in Exchange Server 5.5 SP3 in an earlier column. The three highlights of SP3 are the Mailbox Manager Service, the Anti-Virus Interface, and the MTA Mixer. For more information on SP3, see the Exchange Web site.

NT 4.0 SP6 has many updates to various parts of the NT OS. As was the case for earlier NT service packs, SP6 also installs some new DLLs that cause Exchange Server to rebuild the indexes of its JET/Extensible Storage Engine (ESE) databases. This is not a problem, but administrators should be aware of it and not interrupt the index rebuild process until the process completes. For more information on the contents and availability of SP6 for NT, click here

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like