After ILOVEYOU first came out and AV vendors didn't have a fix for it, we had to figure out a way to quickly disable the virus. So I spent 5min finding the reg key and writing 2 scripts to make the default action Edit, instead of Open, and another in reverse, make the default action Open instead of Edit. I wouldn't suggest renaming wscript.exe, jscript.exe or csscript.exe, as Critical Updates, Repairing, or Upgrading IE will just put those files back in place. The javascripts are attached, take a peek and see if they fit the bill. If not, at least you still have the option to quickly disable VBS scripting :)
-----Original Message----- From: Daniel Stark [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 21, 2001 9:12 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; debian-security@lists.debian.org Subject: Re: Anti Virus for Debian Speaking of Windows and *.vbs attacks. What you should really do is disable the scripting host on all of your Windows machines. For those of you who don't know, you can just rename "wscript.exe" "jscript.exe" and "cscript.exe". There's a good chance you'll only have one of them. >From: Bradley M Alexander <[EMAIL PROTECTED]> >To: Mario Zuppini <[EMAIL PROTECTED]> >CC: Matthew Sherborne <[EMAIL PROTECTED]>, >debian-security@lists.debian.org >Subject: Re: Anti Virus for Debian >Date: Mon, 19 Feb 2001 23:35:01 -0500 > >On Tue, Feb 20, 2001 at 01:59:20PM +1000, Mario Zuppini wrote: > > I would also like to know of virus scanners especially for mail servers >ie > > sendmail > > that will work on a SPARC ??? > > > > there are a few that work under i386 ie like amavris etc can be found on > > freshmeat.net > > but nothing will work under a sparc > >As a quick and dirty option, you can use procmail to filter. Depending on >your security posture and thread environment, you can filter on >multi-extension vbs files (e.g. AnnaKournikova.jpg.vbs), all VBS files, exe >files, or any combination. You could filter them to a quarantine area, then >peruse them at your leisure. > >You should combine this with turning off auto execute of attachments on all >of your windows boxen. > >-- >--Brad >=========================================================================== = >Bradley M. Alexander, CISSP | Co-Chairman, >Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG >Winstar Telecom | [EMAIL PROTECTED] >(703) 889-1049 | [EMAIL PROTECTED] >=========================================================================== = >Those who trade liberty for security have neither. > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact >[EMAIL PROTECTED] > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
<<attachment: VBS_scripts.zip>>