ietf
[Top] [All Lists]

Re: VIRUS WARNING

2000-05-05 17:40:02

I think I'm starting to see a pattern emerging in email viruses.

Melissa:  Uses script to read user's address book to get the email
addresses of new victims.
ILOVEYOU: Uses script to read user's address book to get the email
addresses of new victims.

What method do you think the next email virus is going to use if
Microsoft doesn't stop scripts from reading people's address books?  Why
didn't MS plug this hole after Melissa?

Brant

I actually laughed when I saw these lines:

rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout",0,"REG_DWORD"
end if

Pretty blatant security problem, being able to set the timeout for the
running script so it can take all the time it wants.  (Besides being
able to write to the registry, etc.)



<Prev in Thread] Current Thread [Next in Thread>