

  • Subject: IMPORTANT Update regarding Love Bug and Related Viruses
  • From: "David Shea" <dshea@xxxxxxxxxxxx>
  • Date: Mon, 8 May 2000 11:26:00 -0400

I know this is way off topic, but it's obviously very important.  The Love
Bug and its variants (including _future_ variations) can be beaten by
disabling the Windows Scripting Host, a very non-essential option in IE5.
Please read the message below for more details.  I apologize if anyone gets
annoyed about my sending this to this list, but I have YET to see any of
these so-called 'experts' from McAfee, Symantec, etc that have been all over
the Today show, etc discuss how easy it is to stop this thing dead in its
tracks.  In my opinion, this disaster is largely Micro$oft's fault for
leaving the 'loaded gun' on the table.  Perhaps you'll agree with me after
reading the info below.  MS's official position is 'not our fault - people
shouldn't open attachments like that'.  Duh.


> I want to summarize the current status of the 'love bug' and its related
> variants.  Please read this entire message.  It includes instructions for
> protecting your home computers.  Please print this message and take it
> home with you.
>
> This 'love bug' virus was obviously very effective and destructive.  There
> are at least 8 known variants on this bug that are traveling around the
> internet.  Some of them are far more destructive than the original.  There
> are two ways to protect yourself from this virus:
>
> 1. constantly upgrade our virus protection software to prevent the
> message from getting in.
> 2. disable the Windows feature that allows this virus to spread.
>
> With each of these variants, an update to our virus protection software is
> required in order to stop the incoming message at the Exchange server.
> This is obviously inefficient, since this virus is easily modified and
> re-distributed.  It also takes time for the software company to create the
> 'inoculation', and the download and installation process is manual.  So,
> there's a window of opportunity for each new variant to do its thing.
> Since Thursday, I have downloaded several updates already.  The actual
> source code for the virus is contained in each copy of the virus, so it's
> fairly easy for hackers to 'enhance' this virus and repeat the process.
>
> My preferred approach to stopping this virus is to disable the windows
> feature that allowed this disaster to occur in the first place.  A feature
> called the Windows Scripting Host is what makes this virus possible (and SO
> powerful).  This feature is like a Macro language for Windows.  It allows
> you to automate things across applications.  So, where Melissa used the Word
> Macro feature to distribute itself, this thing uses the Windows Scripting
> Host.  Word and Excel have warnings that come up when you open a document or
> spreadsheet containing a macro.  So, even if you had no virus protection and
> a Melissa infected document came to you, you would see a warning along the
> lines of:
>
> "This document contains macros.  Macros can contain viruses.
> Do you want to disable the macros before opening this file..."
>
> So, at least you get one last warning before disaster strikes.
>
> The Windows Scripting Host (WSH) has no such warning feature.  It just GOES.
> Since this is a feature of Internet Explorer 5, WSH is automatically
> included with Win 98 and Windows 2000.  To make things worse, WSH is turned
> on by default.  So... any machine running Win98 or Win2000, or any machine
> with Internet Explorer 5 installed has perhaps a 99% chance of being set up
> to propagate this virus AUTOMATICALLY.  This particular virus also
> requires Outlook to be installed.
>
> The fact that Microsoft decided to turn this feature on by default is, in my
> opinion, a HUGE mistake by Microsoft.  This feature is powerful, very
> dangerous, and VERY RARELY NEEDED.  I would be surprised if one in a hundred
> people actually need this feature.  It should either include warning
> features like Word and Excel, or should require the user to consciously turn
> the feature on.  Had this feature not been the default setting, this
> multi-billion dollar global DISASTER would have been just another largely
> unnoticed annoyance.
>
> So - here's how to disable this feature on your PC.  If you ever find that
> you need this feature at some point in the future, it is an option setting
> in Windows 98 and above, and if you're running Win95 you can simply
> re-install Internet Explorer 5.  Be aware that if you ever install a new
> version of Internet Explorer, you should do the steps below again to shut
> off this feature.  This procedure will disable the WSH, so even if you were
> to click on the attachment, the virus program would not run.
>
> If you are running Windows 95:
>
> 1. click on Start
> 2. click on programs
> 3. click on MS-DOS Prompt
> 4. at the C: prompt, type  REN C:\WINDOWS\WSCRIPT.EXE WSCRIPT.XXX
> 5. if you get a 'file not found' error, then you are safe - you don't
> have the feature installed
> 6. type EXIT
>
> If you are running Windows 98 (and maybe Win2000):
>
> 1. Close all applications on your machine.
> 2. Click on Start
> 3. Click on Settings
> 4. Click on Control Panel
> 5. Click on Add/Remove Programs.
> 6. Click on the Windows Setup tab.
> 7. Double click on Accessories.
> 8. Scroll down to the bottom of the list.
> 9. UNCHECK Windows Scripting Host.  If you don't see an item for
> Windows Scripting Host, try the Win95 procedure (above) just to be safe.
> 10. Click on OK.
> 11. Click on OK again.
> 12. Shut down and reboot your machine.
>
> If you are running Windows NT4:
>
> 1. Log on to your machine as a user with Administrator rights
> 2. click on Start
> 3. click on programs
> 4. click on MS-DOS Prompt
> 5. at the C: prompt, type  REN C:\WINNT\SYSTEM32\WSCRIPT.EXE WSCRIPT.XXX
> 6. if you get a 'file not found' error, then you don't have the feature
> installed and you should be safe.
> 7. type EXIT
>
> If you don't have virus protection on your home PC, or if you don't update
> it regularly (at least monthly), you're playing Russian Roulette.

+---
| This is the BPCS Users Mailing List!
| To submit a new message, send your mail to BPCS-L@midrange.com.
| To subscribe to this list send email to BPCS-L-SUB@midrange.com.
| To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: dasmussen@aol.com
+---
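
A check for the mitigation described in the quoted message, as an added example that is not part of the original post: for the WSCRIPT.EXE locations the message names, it reports whether the host is still present, has been renamed to WSCRIPT.XXX, or is absent. The function names, status strings and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

WSH_LOCATIONS = {  # WSCRIPT.EXE paths named in the post, relative to drive root
    "Windows 95/98": ("WINDOWS", "WSCRIPT.EXE"),
    "Windows NT4": ("WINNT", "SYSTEM32", "WSCRIPT.EXE"),
}
RENAMED = "WSCRIPT.XXX"  # name given by the post's REN command

def find_entry(directory, name):
    """Case-insensitive lookup, as on a Windows volume; returns the path or None."""
    for entry in os.listdir(directory):
        if entry.upper() == name.upper():
            return os.path.join(directory, entry)

def resolve_dir(root, parts):
    """Walk root/parts case-insensitively; None if any directory is missing."""
    current = root
    for part in parts:
        current = find_entry(current, part)
        if current is None or not os.path.isdir(current):
            return None
    return current

def audit_wsh(root):
    """Map each platform from the post to the state of its WSH host binary."""
    report = {}
    for label, parts in WSH_LOCATIONS.items():
        directory = resolve_dir(root, parts[:-1])
        if directory is None:
            report[label] = "not applicable"      # that Windows directory is absent
        elif find_entry(directory, parts[-1]):
            report[label] = "ENABLED"             # WSCRIPT.EXE still runnable
        elif find_entry(directory, RENAMED):
            report[label] = "disabled (renamed)"  # the REN step was applied
        else:
            report[label] = "not installed"       # unchecked in Windows Setup, or never there
    return report

def build_sample_tree():
    """Constructed sample: one unmitigated install, one with the rename applied."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Windows"))
    os.makedirs(os.path.join(root, "WINNT", "system32"))
    open(os.path.join(root, "Windows", "wscript.exe"), "w").close()
    open(os.path.join(root, "WINNT", "system32", "WSCRIPT.XXX"), "w").close()
    return root

if __name__ == "__main__":
    print(audit_wsh(build_sample_tree()))
```

On a real machine, pass the system drive root instead of the sample tree, for example audit_wsh("C:\\"). Re-running it after an Internet Explorer upgrade shows whether the steps need to be repeated, as the message advises.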


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].