There’s certainly been a lot of BubbleBoy hype this week, and several details seem to be getting swept under the carpet in all the furor. First off, nobody has yet reported being infected by the virus, or even finding the virus “in the wild”; the author apparently e-mailed it only to anti-virus software companies in an attempt to gain recognition. Second, the virus apparently only affects Windows 98 systems. Finally, Microsoft patched the bug this thing exploits at the end of August. This means that not only will the patch keep BubbleBoy from spreading if it ever “gets out” into the world, but it will also keep virus authors from using the same exploit to spread a virus that actually does something.
Nonetheless, the hype was probably a good thing because it alerted everyone to the possibility of a virus using the exploit, which will probably make everyone vulnerable go and patch their systems before something nasty happens. Speaking of which, if you’d like the patch, you can download it here from ZDNet.
Also from ZDNet, there’s an interesting story on the BB virus that covers, in part, whether some blame for its existence should be laid at Microsoft’s door. It seems people concerned with security had been asking MS to take out the scripting features that BB uses from the time of the first 98 pre-releases. Obviously Microsoft didn’t pay attention to the warnings. One person interviewed for the article goes so far as to say that the only people who are actually using the VB scripting capabilities are those writing viruses with it. Comforting thought, no?