X
Tech

Bubbleboy virus is Microsoft's fault - Sophos

ActiveX blamed for new Bubbleboy virus, MS defends saying its security is the best...
Written by Will Knight, Contributor

Shoddy work is responsible for the dangers presented by the new Bubbleboy virus, according to anti-virus company Sophos, which lays the blame at Microsoft's door.

Graham Cluley, senior technical consultant with Sophos Anti-Virus says the Bubbleboy virus exploits a security hole in Microsoft's notoriously shaky ActiveX architecture. "Microsoft have goofed-up badly," says Cluley. "Two ActiveX controls are marked as safe and have the ability to access your hard-drive and send emails even if you are in paranoid mode, and it turns out they are not safe."

The two ActiveX controls in question are scriptlib.type.lib and Eyedog and, although Microsoft released a patch to stop these controls being exploited in August, Cluley worries how effective the exercise has been. "I don't know how much Microsoft made of this flaw but I'd imagine that a lot of people don't know about it. We have a fix for the virus but our advice would also be for people to get the patch from Microsoft."

Chief Researcher for Symantec Anti-Virus in Europe, the Middle East and Africa, Eric Chien agrees that Microsoft's technology is at the root of the problem, but expressed a little sympathy: "Yes, obviously a Microsoft bug allows this virus to spread," he says. "But it is not Microsoft's fault that someone chose to write this virus."

Chien reckons the individual behind Bubbleboy -- who also created the "monopoly" virus which displays Bill Gates at the centre of a Monopoly board -- may well have a gripe with the Microsoft corporation.

For its part, Microsoft argues that it "takes security very seriously". A spokesman explains, "We are looking into this but for now this particular issue can be contained by visiting the Microsoft Web site. Users can also control security in their browser's security settings. Setting IE5 to its maximum security setting will prevent the virus from doing anything."

Take me to the Virus Workshop

Take me to the Melissa Virus .

Editorial standards