A friend posted me the link to this today. I have copied the pertinent info below. The creator of this new worm looks like they just wanted to prove they could do what the experts said couldnt be done, but with 50+ days left you know the ones who really want to cause trouble are going to figure it out, too. I have heard that there have been at least 30,000 virus threats logged by various law enforcement, etc. folks. So, given this lovely new form of worm described below, just how much more can (and will) the hackers add to the chaos?

Link: http://www.mcafee.com/viruses/bubbleboy/

VBS/Bubbleboy Help Center

VBS/Bubbleboy is a new Internet worm, discovered 11/08/99. AVERT has assigned it a LOW risk assessment; it has not appeared in the wild.

VBS/Bubbleboy is a NEW type of worm: Unlike previous worms transmitted through email, this new type of worm does not come as an executable attachment. Instead, VBS/Bubbleboy infects PCs as soon as the transmitting email message is opened. This is a VERY significant innovation! Virus researchers have long assured the public that it is not possible to contract a virus or worm merely by opening and reading an email message. This is no longer true, and VBS/Bubbleboy marks the beginning of a more dangerous computing environment. VBS/Bubbleboy is transmitted through an email message with the subject heading "Bubbleboy is back!" It will ONLY infect PCs running Windows 98 with Internet Explorer 5 and Outlook or Outlook Express. PCs using Outlook are infected upon opening the email message, while Outlook Express users may be infected by viewing the message with Outlook's "Preview Pane" feature! When the email is opened, the worm creates a file called UPDATE.HTA. The next time the PC is booted up, the worm sends itself embedded in an email to EVERY address in EVERY MS Outlook address book on the local system. It does this only once.

-- Titania Baildon (tbaildon@yahoo.com), November 10, 1999

Answers

Well, I'm almost certain that if any actual y2k bugs do turn up, it won't labeled as a y2k bug. It will all be normal server failures, normal problem in general, virus related, or some other problem not related to y2k.

-- Larry (cobol.programmer@usa.net), November 10, 1999.

One of the gleanings from Barnett's presentation (see above thread) was the news that a normal year sees 4k viruses unleashed. In the scenario presented on Tuesday, 4k is the expected number on rollover.

-- Drac (Itisdifferentthistime@dowswansong.com), November 10, 1999.

Larry; What you said, yes, and more. The people writing virii and trojans are going to have a field day over the next six weeks. The script kiddies and crackers will be in there as well. There are those who would delight in contribuiting to the problems. The odd thing is they are shooting themselves in the foot, by attacking the very toys they pass their time with.

I am very pleased with my decision to go to Linux about seven years ago. There are two known virii that attack linux (as of June, 99). We have our own problems to be sure, virii are not one of them.

-- (...@.......), November 10, 1999.

Bubbleboy is extensively covered in thread below. Look at old posts, especially "Recent Answers"

-- A (A@AisA.com), November 10, 1999.

I wouldn't sweat it. With all sympathy to those people who have been effected by viruses (and I am one of them), their global impact has always been greatly exaggerated by the media (who don't understand them), and those who exploit them to secure more funding (the Men In Black and the even more sinister sysadmins and IT managers). Yes, they do real damage, but I don't believe for a second that there are thousand of cyber-terrorists out there saving up their DoomVirus for Y2K. Frankly, they wouldn't have the patience.

-- Colin MacDonald (roborogerborg@yahoo.com), November 11, 1999.

At the final Y2K Symposium Series, in NYC in late October (a "crisis management" conference for govt. types, etc.), it was reported that the FBI, DoD, etc. have logged over 40,000 computer virus threats and actually expect about 200,000 viruses to be unleased around the start of next year. They are taking this *very* seriously.

P.S. They are also taking Y2K itself very seriously. That's why the focus was entirely on contingency and crisis management. (Gee, and it's also why the feds, state officials, major corporations, etc., are setting up "crisis management centers," in case anybody has been asleep for the past year.)

-- Don Florence (dflorence@zianet.com), November 11, 1999.