A security hole in a Microsoft Windows feature has not been removed since its first encounter with the virus 'Bubble Boy' in 1999.
"That kind of danger is still present today. The feature is not used by 99.9 percent of people, it should be the first thing removed from a computer when the machine is set up. Otherwise users are at risk of being attacked," Trend Micro spokesperson Andy Liou told ZDNet Australia.
Liou says script viruses written on programs such as VBScript and JavaScript make use of Microsoft's Windows Scripting Host - available on Windows 98 and 2000 - to activate themselves and infect other files.
Viruses which exploit scripts embedded in HTML automatically execute the moment the HTML page is viewed from a script-enabled browser. In other words, the user doesn't need to double click on the attachment for the virus to be run.
BubbleBoy was the first virus to take advantage of the Windows Scripting Host feature, which hit in 1999.
Liou says the virus was created to prove that a virus could be executed just by reading an email.
The treacherous Love Letter virus, which hit in May 2000, also took advantage of the Windows Scripting Host.
Liou says script viruses have been around for some time and are quite easy to protect.
"All the user has to do is remove the Windows Scripting Host from their machines, and the virus cannot be executed," Liou said.
A lot of users however, don't know about the vulnerabilities within the Windows feature, which is one of the reasons the spread of viruses is on the increase.
Liou believes the only users of the Windows feature these days are the virus writers themselves.
"I don't know anybody who uses the feature. By default, it comes installed. A lot of people don't know they have it. It should be completely removed," he said.
To remove the Windows Hosting Script feature, visit Trend Micro
How about a link to a page that helps people disable Windows Scripting Host?