Last Updated on April 18, 2017 by Dave Farquhar
In case you haven’t heard about it elsewhere, there’s another VBS-based worm floating about, similar to the Anna worm earlier this year. This one includes a template called homepage.html.vbs. It e-mails itself to everyone in your address book, then opens one of four adult websites in your browser.
My usual advice about never opening any unexpected attachments applies here. Like I’ve said a million times, it’s much better to miss the joke than to infect your computer. If someone doesn’t tell me an attachment’s coming, I immediately reach for the delete key. Some attachments are harmless, but if you don’t know enough to know which ones are (and how to tell the difference between a GIF/JPEG/HTML attachment and a VBS attachment that’s trying to look like a GIF/JPEG/HTML attachment), you’re much better off just deleting it and protecting yourself and everyone else.
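As an added example (not part of the original post), here is one way to automate the check described above: judge each attachment by its last extension and flag names that put a harmless-looking extension in front of it. The extension lists, the sample message and the function names are assumptions made for illustration.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed lists for illustration, not taken from the post.
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
         ".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DECOY = {".gif", ".jpg", ".jpeg", ".html", ".htm", ".txt", ".doc"}

def classify(filename):
    """Judge an attachment by its last extension, the one Windows acts on."""
    # Trailing dots and spaces are dropped by Windows, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in RISKY:
        return "ok"
    # A harmless-looking extension just before the real one is the disguise:
    # with known extensions hidden, homepage.html.vbs shows as homepage.html.
    inner = os.path.splitext(stem)[1]
    return "disguised" if inner in DECOY else "risky"

def scan_message(raw):
    """Return (filename, verdict) for every attachment in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    return [(part.get_filename(), classify(part.get_filename()))
            for part in msg.iter_attachments() if part.get_filename()]

def build_sample():
    """Constructed test message; the attachment bodies are placeholders."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("Constructed sample body.")
    m.add_attachment(b"' placeholder, not worm code\r\n", maintype="application",
                     subtype="octet-stream", filename="homepage.html.vbs")
    m.add_attachment(b"GIF89a", maintype="image", subtype="gif",
                     filename="photo.gif")
    return m.as_string()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:10} {name}")
```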
Don’t count on your anti-virus software protecting you. I’ve seen many a PC with anti-virus software on it that never updated itself, even though I configured it to do so. Plus, if you get the virus before your anti-virus vendor gets it and writes a fix and your program downloads the update, you’re totally unprotected.
I also suggest you add a line to the end of your e-mail signature that says something like, “This message should have no attachments. If there are any attachments, don’t open them because I didn’t put them there.” Just remember to delete that line if you do send attachments.
Consider yourself warned, today and every day.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
7 thoughts on “Deja vu all over again”
I received the email from someone I didn’t even know. So it was easy to identify and delete.
Besides, IMO, email systems should delete or at least quarantine potentially dangerous files. (.com, .vbs, .exe)
I have never received a legitimate email file with a .vbs extension.
Won’t it be nice when people finally wake up and realize there are better things to do than send out these little lovely gifts. Actually if people would actually work at work and not talk all day with their buddies on email, this stuff might not happen as often.
One of our clients back in Cleveland, Tennessee had some filters set up on their mail server. If it wasn’t in .zip format then it got deleted. Simple, right? It’s not simple when you’re in helpdesk with forty people asking you (daily) how to zip and e-mail a file.
Although it did stop several virii from propagating. We disallowed POP3 access there, and we also blocked sites like Hotmail, Yahoo!, and RocketMail (big at the time). If it’s business-related then you probably won’t be receiving anything from those accounts. 🙂
I know it seems kind of communistic, but that’s just how we had to do it.
Oh yeah, agreed on both points. There’s never any reason to send a VBS file. There’s no reason to send COMs or EXEs either. Zip ’em up and send ’em.
But as for people waking up… I don’t think it’ll happen. At least once a year, someone kills the mail server by either sending a medium-sized attachment to a thousand people, or sending a 9-meg attachment to a hundred people. And as for stopping viruses, I think we’ll eventually just reach a point where mail servers will strip off potentially dangerous executables. It should be a built-in feature, ready to turn on, today. If it’s not (it’s been three years since I administered a mail server of any kind, and even then I was a third-stringer) I expect it will be soon. Mail administrators and CIOs will demand it.
Yeah, sometimes you have to take the totalitarian approach. Security has to come before convenience and ease of use, and somewhere we really lost that.
There’s an easy way to avoid probs with HTML msgs (not attachments, unfortunately) if using Outlook or OE: go to Tools > Options > Security, then set the Secure Content zone to Restricted Zones. Then edit the Zone Settings to disable EVERYTHING, especially scripting. This simple method prevents Outlook/OE from running anything in HTML messages, at least. You still have to not open questionable attachments yourself!