Vulnerability Development mailing list archives

Bubble Boy Virus Spreading Mechanism

From: Andrew_Leong () EMAIL COM (Andrew Leong)
Date: Mon, 15 May 2000 16:10:46 +0800


Hi all,
        Sorry to revive such an old tale, but has anyone out there disassembled the
Bubble Boy virus to get an idea of how the worm functions? I mean how it
exploits the scriptlet.typelib/Eyedog ActiveX control to propogate?
        Does anyone have any links to the exploit code or more details? I am very
curious as to how it uses the ActiveX controls to do the stuff it does. Just
like DilDog's excellent Advisory about the UA control vulnerability, does
anyone have more details and is willing to share? Thanks.

Andrew Leong
____________________________________________________________________________

Public Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x1BFF3601

PGP Key Fingerprint = 92F8 EF74 19A3 EEC6 6B83  9D83 A61B 20C5 1BFF 3601
____________________________________________________________________________

Current thread:

Re: QPOP2.5* exploit ??, (continued)
- - - Re: QPOP2.5* exploit ?? Maurycy Prodeus (May 15)
    - Re: QPOP2.5* exploit ?? jms (May 14)
    - Re: QPOP2.5* exploit ?? Eric LeBlanc (May 15)
    - hi sparc qpop info sp00n () GMX DE (May 14)
    - Re: QPOP2.5* exploit ?? typo () INFERNO TUSCULUM EDU (May 14)
    - Re: QPOP2.5* exploit ?? typo () INFERNO TUSCULUM EDU (May 14)
    - Re: QPOP2.5* exploit ?? Dimitry Andric (May 14)
    - Re: QPOP2.5* exploit ?? Martin Ixter (May 14)
    - TROJAN WARNING: Re: QPOP2.5* exploit ?? Nic Bellamy (May 14)
    - Re: QPOP2.5* exploit ?? phi-vulndev () EXORSUS NET (May 14)
    - Bubble Boy Virus Spreading Mechanism Andrew Leong (May 15)
    - Re: QPOP2.5* exploit ?? Lluis Mora (May 15)
    - Bugtraq Stats for the last 3 years available now. Alfred Huger (May 15)
    - xsoldier mandrake exploit. egid=games with the right shellcode Larry C$ (May 15)
    - Re: QPOP2.5* exploit ?? rpc (May 14)
    - Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component] TLsecurity.net (May 14)
    - Re: regarding phrack49's stack smashing tutorial Pavel Kankovsky (May 14)
    - Re: regarding phrack49's stack smashing tutorial Darshan Patil (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
  - is: tcp/ip vuln, not?... was: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Crispin Cowan (May 15)

(Thread continues...)