Security Incidents: Worms and CScript/WScript

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Worms and CScript/WScript

From: "Blake Frantz" <blake () mc net>
Date: Tue, 21 May 2002 16:44:34 -0500


Hello,

A majority of the worms (even SQLsnake) that have been going around
lately take advantage of cscript and wscript.  What ramifications would
be felt on vanilla installs of common services (MS SQL, Exchange, IIS,
etc.) if these two files were moved or deleted?  It seems like a fairly
easy way to help mitigate the 'success' of Internet worms.  Any
thoughts?

Blake Frantz  A+, CNA, CCNA, MCSE
Network Security Analyst
mc.net
720 Industrial Drive #121
Cary, IL 60013
phn: (847)-594-5111 x5734
fax: (847)-639-0097
mailto:blake () mc net
http://www.mc.net

 
 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Re: Strange scan on 1433, (continued)
- RE: Strange scan on 1433 David LaPorte (May 21)
  - RE: Strange scan on 1433 Deus, Attonbitus (May 21)
  - RE: Strange scan on 1433 Blake Frantz (May 21)
    - Re: Strange scan on 1433 George Bakos (May 21)
    - Worms and CScript/WScript Blake Frantz (May 21)
    - Re: Worms and CScript/WScript Ryan Russell (May 21)
    - RE: Worms and CScript/WScript Michael Wright (May 21)
    - RE: Worms and CScript/WScript Nick FitzGerald (May 22)
    - RE: Worms and CScript/WScript Richard H. Cotterell (May 26)
    - RE: Worms and CScript/WScript Nick FitzGerald (May 27)