Name: BleBla
Also known as: Verona, Romeo-and-Juliet, Romeo, Juliet, I-Worm.Blebla
Type: Email worm
Affects: Windows 32-bit systems running Internet Explorer 4.0, 4.01, 5.0, and 5.01
Discovered: November 2000, from Poland
Description:
BleBla is an email worm that mass-mails itself to addresses listed in the infected user's address book and also to the alt.comp.virus newsgroup. Similar to Kak, the worm exploits security vulnerabilities in Microsoft products that allow it to execute when the email is simply read.

The worm is sent in HTML format with 2 attachments that execute automatically: MyJuliet.CHM and MyRomeo.EXE. When an infected message is opened, the HTML part of it is executed. That part contains a script program that is automatically activated by Windows.

The script program loads and activates the CHM component of the message (the MyJuliet.CHM file). The CHM component is a Compressed HTML page and is processed as an HTML Help file. It contains one more script. This script executes the MyRomeo.EXE file, which is the main BleBla worm file.
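A mail-gateway check for the message structure described above, as an added example that is not part of the original description: it flags the two attachment names given here and, more generally, an HTML message carrying both a CHM and an EXE attachment. The function names, the extension rule, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names taken from the description above.
KNOWN_NAMES = {"myjuliet.chm", "myromeo.exe"}
# Assumption: a gateway would also treat these extensions as risky in general.
RISKY_EXTENSIONS = (".chm", ".exe")


def inspect_message(msg):
    """Return a list of findings for one parsed e-mail message."""
    has_html = False
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            names.append(filename.lower())
        elif part.get_content_type() == "text/html":
            has_html = True
    findings = []
    for name in names:
        if name in KNOWN_NAMES:
            findings.append(f"known BleBla attachment name: {name}")
        elif name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")
    extensions = {n.rsplit(".", 1)[-1] for n in names if "." in n}
    if has_html and {"chm", "exe"} <= extensions:
        findings.append("HTML body with both CHM and EXE attachments")
    return findings


def build_sample(attachments):
    """Constructed test message; attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("plain text part")
    msg.add_alternative("<html><body>sample</body></html>", subtype="html")
    for name in attachments:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    # Round-trip through bytes, as a gateway would receive it off the wire.
    return message_from_bytes(msg.as_bytes(), policy=policy.default)


if __name__ == "__main__":
    for finding in inspect_message(build_sample(["MyJuliet.CHM", "MyRomeo.EXE"])):
        print(finding)
```

File names are trivially changed by a sender, so the structural rule (HTML body plus CHM and EXE attachments) is the more durable of the two signals.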

