VBS Security Vunrulbility

TheMSsForum.com: The Microsoft Software Forum

Has anyone heard of thido you know if its true and weather to disable what it
says?

> Opening the wrong E-mail may soon be enough to empty your bank
account. In
an effort to woo security-conscious computer users, "phishers" have
come up
with a new technique to harvest online banking details without
requiring
users to click on a Web link and enter personal information on a
submission
form. This new form of attack, directed specifically at users of
online
banking, runs a script when a phishing E-mail message is opened,
according
to E-mail and virus security company MessageLabs Ltd. The script tries
to
rewrite the host files on the machine of the recipient. On subsequent
attempts to access online banking services, victims will unknowingly be
redirected to a fraudulent Web site designed to capture their log-in
details. Alex Shipp, senior antivirus technologist at MessageLabs,
says
such developments only make it harder to defend against phishing.
Traditional phishing attacks rely on tricking the user into following a
Web
link and then entering personal information. "This one is much more
insidious," he says. Some 3% of those targeted by phishers reveal
personal
information, according to a study released in April by research firm
Gartner. Shipp adds that this new technique, which has only been
detected
in Brazil, is probably being tested for wider deployment. That's what
happened with first-generation phishing attacks that were tested in
Australia before being directed at users in the United States. Only
systems
that have enabled Windows Script Host are vulnerable to this attack.
WSH
lets users run VBScript and JScript scripts within the Windows
operating
system. Sophos plc, an antivirus company, offers instructions on how to
disable WSH <http://www.sophos.com/support/wsh.html>. "Most businesses
these days probably have this disabled," Shipp says. "But home users
are
more vulnerable."
Top

Re: VBS Security Vunrulbility by Karl

Karl
Wed Nov 10 01:15:25 CST 2004

.VBS and phishing are nothing new. VBS is easy to disable, by going into
Windows Explorer or My computer and select Tools, Folder Options, File Types
to change the default action on .VBS and .WSH files from Open to Edit.
searching www.google.com gives you .REG files that do this and more, for
even better security.

Why Microsoft still continues to refuse to make this the default setting on
home computers even in XP SP2 after multiple requests is completely and
totally beyond me.



"Tinkermcgreggor" <Tinkermcgreggor@discussions.microsoft.com> wrote in
message news:1E217772-BBD8-44BF-9330-B4551B432C39@microsoft.com...
> Has anyone heard of thido you know if its true and weather to disable what
it
> says?
>
> > Opening the wrong E-mail may soon be enough to empty your bank
> account. In
> an effort to woo security-conscious computer users, "phishers" have
> come up
> with a new technique to harvest online banking details without
> requiring
> users to click on a Web link and enter personal information on a
> submission
> form. This new form of attack, directed specifically at users of
> online
> banking, runs a script when a phishing E-mail message is opened,
> according
> to E-mail and virus security company MessageLabs Ltd. The script tries
> to
> rewrite the host files on the machine of the recipient. On subsequent
> attempts to access online banking services, victims will unknowingly be
> redirected to a fraudulent Web site designed to capture their log-in
> details. Alex Shipp, senior antivirus technologist at MessageLabs,
> says
> such developments only make it harder to defend against phishing.
> Traditional phishing attacks rely on tricking the user into following a
> Web
> link and then entering personal information. "This one is much more
> insidious," he says. Some 3% of those targeted by phishers reveal
> personal
> information, according to a study released in April by research firm
> Gartner. Shipp adds that this new technique, which has only been
> detected
> in Brazil, is probably being tested for wider deployment. That's what
> happened with first-generation phishing attacks that were tested in
> Australia before being directed at users in the United States. Only
> systems
> that have enabled Windows Script Host are vulnerable to this attack.
> WSH
> lets users run VBScript and JScript scripts within the Windows
> operating
> system. Sophos plc, an antivirus company, offers instructions on how to
> disable WSH <http://www.sophos.com/support/wsh.html>. "Most businesses
> these days probably have this disabled," Shipp says. "But home users
> are
> more vulnerable."


Top

Re: VBS Security Vunrulbility by it's

it's
Wed Nov 10 15:42:14 CST 2004

On Wed, 10 Nov 2004 02:15:25 -0500, "Karl Levinson [x y] mvp"
<levinson_k@despammed.com> wrote:

>.VBS and phishing are nothing new. VBS is easy to disable, by going into
>Windows Explorer or My computer and select Tools, Folder Options, File Types
>to change the default action on .VBS and .WSH files from Open to Edit.
>searching www.google.com gives you .REG files that do this and more, for
>even better security.
>
>Why Microsoft still continues to refuse to make this the default setting on
>home computers even in XP SP2 after multiple requests is completely and
>totally beyond me.
>

Also forget MSIE and Outlook.
Use common sense in opening attachments and for VBS, WSF, JS and more
look that ScripTrap
at
http://keir.net/

might help. It works down here on an NT machine.

Best regards,
Hadrian


it's Hadrian

hadrian.spam-not@40whyspamxs.com
Top

Re: VBS Security Vunrulbility by Tinkermcgreggor

Tinkermcgreggor
Sun Nov 14 19:20:02 CST 2004

Thanx

"Karl Levinson [x y] mvp" wrote:

> ..VBS and phishing are nothing new. VBS is easy to disable, by going into
> Windows Explorer or My computer and select Tools, Folder Options, File Types
> to change the default action on .VBS and .WSH files from Open to Edit.
> searching www.google.com gives you .REG files that do this and more, for
> even better security.
>
> Why Microsoft still continues to refuse to make this the default setting on
> home computers even in XP SP2 after multiple requests is completely and
> totally beyond me.
>
>
>
> "Tinkermcgreggor" <Tinkermcgreggor@discussions.microsoft.com> wrote in
> message news:1E217772-BBD8-44BF-9330-B4551B432C39@microsoft.com...
> > Has anyone heard of thido you know if its true and weather to disable what
> it
> > says?
> >
> > > Opening the wrong E-mail may soon be enough to empty your bank
> > account. In
> > an effort to woo security-conscious computer users, "phishers" have
> > come up
> > with a new technique to harvest online banking details without
> > requiring
> > users to click on a Web link and enter personal information on a
> > submission
> > form. This new form of attack, directed specifically at users of
> > online
> > banking, runs a script when a phishing E-mail message is opened,
> > according
> > to E-mail and virus security company MessageLabs Ltd. The script tries
> > to
> > rewrite the host files on the machine of the recipient. On subsequent
> > attempts to access online banking services, victims will unknowingly be
> > redirected to a fraudulent Web site designed to capture their log-in
> > details. Alex Shipp, senior antivirus technologist at MessageLabs,
> > says
> > such developments only make it harder to defend against phishing.
> > Traditional phishing attacks rely on tricking the user into following a
> > Web
> > link and then entering personal information. "This one is much more
> > insidious," he says. Some 3% of those targeted by phishers reveal
> > personal
> > information, according to a study released in April by research firm
> > Gartner. Shipp adds that this new technique, which has only been
> > detected
> > in Brazil, is probably being tested for wider deployment. That's what
> > happened with first-generation phishing attacks that were tested in
> > Australia before being directed at users in the United States. Only
> > systems
> > that have enabled Windows Script Host are vulnerable to this attack.
> > WSH
> > lets users run VBScript and JScript scripts within the Windows
> > operating
> > system. Sophos plc, an antivirus company, offers instructions on how to
> > disable WSH <http://www.sophos.com/support/wsh.html>. "Most businesses
> > these days probably have this disabled," Shipp says. "But home users
> > are
> > more vulnerable."
>
>
>
Top

Re: VBS Security Vunrulbility by Tinkermcgreggor

Tinkermcgreggor
Sun Nov 14 19:21:02 CST 2004

Thank you

"it's Hadrian" wrote:

> On Wed, 10 Nov 2004 02:15:25 -0500, "Karl Levinson [x y] mvp"
> <levinson_k@despammed.com> wrote:
>
> >.VBS and phishing are nothing new. VBS is easy to disable, by going into
> >Windows Explorer or My computer and select Tools, Folder Options, File Types
> >to change the default action on .VBS and .WSH files from Open to Edit.
> >searching www.google.com gives you .REG files that do this and more, for
> >even better security.
> >
> >Why Microsoft still continues to refuse to make this the default setting on
> >home computers even in XP SP2 after multiple requests is completely and
> >totally beyond me.
> >
>
> Also forget MSIE and Outlook.
> Use common sense in opening attachments and for VBS, WSF, JS and more
> look that ScripTrap
> at
> http://keir.net/
>
> might help. It works down here on an NT machine.
>
> Best regards,
> Hadrian
>
>
> it's Hadrian
>
> hadrian.spam-not@40whyspamxs.com
>
Top

Re: VBS Security Vunnerability by Mc

Mc
Mon Jan 03 14:33:02 CST 2005

Hi Hadrian (like the wall?),
Is this related to the same VBS vulnerability?
I have a pop up which warns me of malware in the following file:
c:\documents and settings\all users\start menu\start up\microsoft office.hta
I have run four different scumware detectors and all are up to date.
(McAfee, Ad-Aware, CW Shredder, and Spy Substract)
I also have McAfee Firewall up and running.

Nothing seems to catch this "malware" any ideas how to get rid of it?



"it's Hadrian" wrote:

> On Wed, 10 Nov 2004 02:15:25 -0500, "Karl Levinson [x y] mvp"
> <levinson_k@despammed.com> wrote:
>
> >.VBS and phishing are nothing new. VBS is easy to disable, by going into
> >Windows Explorer or My computer and select Tools, Folder Options, File Types
> >to change the default action on .VBS and .WSH files from Open to Edit.
> >searching www.google.com gives you .REG files that do this and more, for
> >even better security.
> >
> >Why Microsoft still continues to refuse to make this the default setting on
> >home computers even in XP SP2 after multiple requests is completely and
> >totally beyond me.
> >
>
> Also forget MSIE and Outlook.
> Use common sense in opening attachments and for VBS, WSF, JS and more
> look that ScripTrap
> at
> http://keir.net/
>
> might help. It works down here on an NT machine.
>
> Best regards,
> Hadrian
>
>
> it's Hadrian
>
> hadrian.spam-not@40whyspamxs.com
>
Top