When it was first discovered earlier last week, the BubbleBoy virus was alarming, but not a threat. No known copies existed "in the wild," because BubbleBoy's author sent the virus code directly to security experts.
But now the virus, launched by simply previewing infected email in Microsoft's Outlook email program, has been posted on a Japanese Web site. Malicious virus writers will inevitably copy it, tweak it, and let loose dozens of potentially nasty variants in coming weeks, security experts said.
"Tomorrow, this thing is going to be in the wild," said Keith Peer, president of Central Command, an anti-virus software maker, on Friday. "We'll see a whole family of these crop up in the next month and a half."
Which isn't to say there's cause for personal alarm. Since BubbleBoy was discovered earlier this week, every major anti-virus software firm has issued a software antidote. Microsoft posted a software patch that will thwart the basic mechanism the virus uses to launch itself (it only affects Windows-based machines).
All you have to do is go to an anti-virus site and download the BubbleBoy upgrade, then go to Microsoft and download the patch.
Problem is, most people won't do that.
"From our experience, very few people actually download the software upgrades," said Eddy Hsia, Director of Development at McAffee.com. Even fewer download operating system patches, experts said.
With scads of new computer owners snapping up sub-US$1000 PCs, odds are the numbers aren't going to increase any time soon.
Still, it used to be that an unprotected machine was safe from email-borne viruses, so long as the user didn't open the attached virus file.
The scary thing about BubbleBoy is that it can launch when you simply preview a message (only if you're using Microsoft Outlook for email). An unprotected machine is a sitting duck for any new virus based on BubbleBoy.
"We've finally come to the point where if you're using email, specifically [Microsoft's] Outlook, you need to have some sort of virus protection or you shouldn't read email," said Sal Viveros, a marketing manager at anti-virus software firm Network Associates when the BubbleBoy virus was discovered.
Now that BubbleBoy's author has demonstrated a new way to launch viruses, a whole lot of virus writers are going to try to do him one better.
"It's a whole new ballgame," said Hsia.
