The code is also dependant on Microsoft Outlook or Outlook Express as well as Internet Explorer 5 to successfully install itself. In its present form, BubbleBoy is benign and merely uses the infected email client to spread to all addresses in the...
The worm copies itself to system32.exe in the Windows directory, and sets the registry key HKLM\Software\Microsoft\Windows \CurrentVersion\Run\System32. Subsequently, the worm sets the Internet Explorer home page to http://my.marijuana.com and...
Both worms spread as an .exe attachment, and arrive in in-boxes with many different email subject lines. The body text of the email is usually blank and the file name of the attachment is most likely to be PROGRAM.EXE.
If the user runs the attachment the message forwards itself to every name in the users' Microsoft Outlook address book. The worm arrives as an email with the subject line "Shakira Pics" and an attachment entitled "ShakiraPics.jpg.vbs".
The worm sends email using a known exploit that causes the attachment to automatically execute when the message is viewed or previewed on Internet Explorer-based email clients, such as Microsoft Outlook and Outlook Express.
It attempts to attach itself to all the .exe file in the Windows and C:\Program Files\Mirc\download folders, but due to bugs in the software may crash the computer or corrupt files in these folders. It is more usual to receive a hoax email claiming...
Did you find this white paper useful? 
White Paper RSS
Download
Register
