Security Incidents mailing list archives
Re: Worms and CScript/WScript
From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 21 May 2002 16:07:20 -0600 (MDT)
On Tue, 21 May 2002, Blake Frantz wrote:
A majority of the worms (even SQLsnake) that have been going around lately take advantage of cscript and wscript. What ramifications would be felt on vanilla installs of common services (MS SQL, Exchange, IIS, etc.) if these two files were moved or deleted? It seems like a fairly easy way to help mitigate the 'success' of Internet worms. Any thoughts?
Tried that once. The next IE upgrade will just put them back, and you might not even notice... was kinda counterproductive. Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Strange scan on 1433 Pavel Lozhkin (May 21)
- Re: Strange scan on 1433 dr john halewood (May 21)
- Re: Strange scan on 1433 Jason Robertson (May 21)
- RE: Strange scan on 1433 David LaPorte (May 21)
- RE: Strange scan on 1433 Deus, Attonbitus (May 21)
- RE: Strange scan on 1433 Blake Frantz (May 21)
- Re: Strange scan on 1433 George Bakos (May 21)
- Worms and CScript/WScript Blake Frantz (May 21)
- Re: Worms and CScript/WScript Ryan Russell (May 21)
- RE: Worms and CScript/WScript Michael Wright (May 21)
- RE: Worms and CScript/WScript Nick FitzGerald (May 22)
- RE: Worms and CScript/WScript Richard H. Cotterell (May 26)
- RE: Worms and CScript/WScript Nick FitzGerald (May 27)
- RE: Worms and CScript/WScript Richard H. Cotterell (May 28)
- Re: Strange scan on 1433 dr john halewood (May 21)
- Re: Strange scan on 1433 Johannes Ullrich (May 21)
- <Possible follow-ups>
- RE: Strange scan on 1433 Quarantine (May 21)
- RE: Strange scan on 1433 Dias Sgt Kristin F (May 21)