Bulla

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Summary:

 Bulla is a Browser Helper Object for Internet Explorer. It tries to search all pages you view in IE and replaces banner advertisements from the page with advertisements from its controlling servers.

Alias:

 Also known as IEPlugin, from the filename of the BHO DLL. This is a generic name; Bulla has nothing to do with the parasite known as IEPlugin.

Category:

Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product.

Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

Search Hijacker: Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.

Similar Pests:

 Browser Helper Object · Adware · Hijacker · Search Hijacker

Origins

Group:

 Bulla

URL:

 http://www.bulla.com/

Date of Origin:

 November, 2002

Distribution

Distribution:

 Some (unconfirmed) reports of Bulla installing through ActiveX drive-by-download on pop-up ad windows.

Prevalence:
  • Bulla: < 0.00005%
    • More Info

    Clot Factor:
  • Bulla: 1

    • The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

    Operation

    Advertising:

    		 Yes. Whenever a new page is displayed, Bulla connects to its servers at 1110100011o1window.info and downloads a piece of JavaScript that searches a document for <iframe>s sized at 468x60 (the typical banner ad size), and replaces them with ads served from ad.bulla.com.

    Bulla also sets your home page to 'startpage.ms' the first time it is run.

    Storage Required:
  • Bulla: at least 93 KB
    		•

    Browser Performance:

    		 Likely to slow performance of Internet Explorer.

    Risks

    Privacy Issues:

    		 Yes. Each connection includes the URL of the page being viewed and a unique ID to allow Bulla to track sites being viewed.

    Security Issues:

    		 None known.

    Stability Issues:

    		 The JavaScript currently being served is incompatible with IE4. This might cause JavaScript on targeted pages to stop working and/or spurious error messages to appear.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    There is no uninstall feature. Bulla installs a file called IEPlugin.dll into your System directory. Before you can delete it you must deregister it. Enter the following command in a command (DOS) window, for Windows 95/98/Me:

    "%WinDir%\SYSTEM\regsvr32.exe" /u "%WinDir%\System\IEPlugin.dll"

    Or, for Windows NT/2000/XP:

    regsvr32 /u "%WinDir%\System32\IEPlugin.dll"
    Then restart the computer and open the System(32) directory in the Windows folder. Delete the IEPlugin.dll file. You can also delete the key HKEY_LOCAL_MACHINE\Software\IEPlugin from the registry (run'regedit') to clean up if you wish.

    Clean Registry:

    Remove these registry items (if present) with RegEdit:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Restore Settings:

    After following the instructions above, you will still need to restore your original settings and prevent this from happening again. Here''s how.

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • Andrew Clover
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 April 15, 2005