My friends - I have today received messages from a couple of our subscribers indicating that they have received the bubbleboy.exe worm from others on the JP List. Unfortunately, in both cases, the recipients, in their haste to delete the message with its attachment, did not get the addresses of those who had sent the messages. I rarely bring virus or worm news here to the List, as you know, since 99% of them are hoaxes, or of such little danger as to be non-newsworthy. These viruses and worms cannot, in almost every case, do any damage unless the recipient clicks on the attachment and executes the file in which the virus or worm is lurking. Deleting the message, with its attachment, eliminates any chance of infection. I will not open any attachment that comes to me with an .exe extension, regardles of who originated it. For your information, a sketch of the bubbleboy worm is shown below. If you have any concerns, please communicate with me by private e-mail. There is no need to have any discussion of this, or any other virus/worm, on the List itself. -B +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ BubbleBoy is an Internet worm that requires Internet Explorer 5 with Windows Scripting Host installed (WSH is standard in Windows 98 and Windows 2000 installations). It does not run on Windows NT due to hard-coded limitations. BubbleBoy is embedded within an email message of HTML format and does not contain an attachment. BubbleBoy is written in VB Script. There are two variants; the .b variant is encrypted. In MS Outlook, BubbleBoy requires that you "open" the email. BubbleBoy will not run if using "Preview Pane". In MS Outlook Express, the worm is activated if "Preview Pane" is used! After the VB Script executes, BubbleBoy writes the file UPDATE.HTA to the local machine and during the next Windows startup, the .HTA file is invoked. The UPDATE.HTA file is coded to do the following- · Change the registered owner via the registry to "BubbleBoy" · Change the registered organization to "Vandelay Industries" · Send itself embedded in an email message to every contact in the address book of Microsoft Outlook · Sets the registry key to indicate that the email distribution has occurred. This will prevent itself from continuously re-sending the emails The message sent by BubbleBoy looks as follows: From: (name of infected user) Subject: BubbleBoy is back! Body: The BubbleBoy incident, pictures and sounds <http://www.towns.com/dorms/tom/bblboy.htm>http://www.towns.com/dorms/tom/b blboy.htm The page that the URL refers to does not exist, however it seems that it should refer to <http://www.toptown.com/dorms/rick/bblboy.htm>http://www.toptown.com/dorms/r ick/bblboy.htm which is a web page with details of the "Bubble Boy" episode of the Seinfeld TV series. To protect yourself from BubbleBoy and similar viruses, you should download the patch released by Microsoft Corporation on their website.