All,

Programs which autoexecute .vbs scripts are at risk. Indeed there is a 'SPY' script which auto-downloads from WEBSITEs, named 'network.vbs'. This script downloads via Java-enabled web browsers. The script is dropped into three locations:

c:/
c:/windows/
c:/windows/start menu/programs/startup

The .vbs program is spawned by Java, it attaches itself to the winsocket, and OLEs (pipes) MS products; grabs e-mail addresses from your MS e-mail programs (e.g., Outlook), and logs web browser surfing activity into the root in a file, 'networklog.log'. It then creates a peer-to-peer virtual hard disk to a remote dynamically identified URL and uploads the logged information stored in the 'network.log' file. At some pseudo-random time in the future the .vbs script deletes the .log file and the .vbs spy script, 'erasing its tracks'.

I discovered this script when I rebooted my system one evening and an 'open' dialog request box appeared asking how I wanted to open the script. I don't use ANY products which auto-spawn .vbs and due to this, the script program failed to gather my personal information.

This activity is patently illegal as it is unconstitutional and an invasion of privacy. This particular spy script has been floating around the Internet about eight weeks.

I have copies of the script (functionally disabled) should anyone care to study how it works; it is interesting to see how the virtual hard disk is created without using LMHOSTS type tables. I rename the script extension to .sbv and then change the internal 'dim' statements to prevent accidental execution.

Best Wishes,
Walt Williams
SETV/OSR

============================================

------- Forwarded Message Follows -------
Date: Thu, 04 May 2000 07:14:51 -0700
From: Doug Crice
Organization: GeoRadar Inc.
To: PSN-L Mailing List
Subject: Virus Aleart
Reply-to: psn-l@..............

PSN folks.

I just received two copies of a virus this morning, both from geophysical contacts.

Beware of a message that says "Love Letter for You" with a .vbs extension (Visual Basic). My normal virus filter didn't see it, so it's very new.

Doug Crice

--
Doug Crice                        http://www.georadar.com
19623 Via Escuela Drive           phone 408-867-3792
Saratoga, California 95070 USA    fax 408-867-4900

__________________________________________________________

Public Seismic Network Mailing List (PSN-L)
Larry Cochrane <cochrane@..............>
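
A defender's check for the artifacts named in the first message above, as an added example (not code from either poster): it looks in the three quoted folders for 'network.vbs', in the root for the log file, and for any other .vbs in Startup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Folders and file names as quoted in the message; it spells the log both
# 'networklog.log' and 'network.log', so both spellings are checked.
DROP_DIRS = ["", "windows", os.path.join("windows", "start menu", "programs", "startup")]
SCRIPT_NAME = "network.vbs"
LOG_NAMES = {"networklog.log", "network.log"}

def listing(path):
    """Return directory entries, or an empty list if the folder is absent."""
    try:
        return os.listdir(path)
    except OSError:
        return []

def scan(root):
    """Return sorted (reason, path) findings under the given drive root."""
    findings = []
    for rel in DROP_DIRS:
        folder = os.path.join(root, rel) if rel else root
        for name in listing(folder):
            lower = name.lower()  # Windows file names are case-insensitive
            full = os.path.join(folder, name)
            if lower == SCRIPT_NAME:
                findings.append(("named script", full))
            elif rel == "" and lower in LOG_NAMES:
                findings.append(("activity log", full))
            elif rel.endswith("startup") and lower.endswith(".vbs"):
                findings.append(("other .vbs in Startup", full))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree of empty files, for a dry run only."""
    startup = os.path.join(root, "windows", "start menu", "programs", "startup")
    os.makedirs(startup)
    for path in (os.path.join(root, "NETWORK.VBS"),
                 os.path.join(root, "networklog.log"),
                 os.path.join(startup, "network.vbs"),
                 os.path.join(startup, "other.vbs"),
                 os.path.join(root, "windows", "notes.txt")):
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for reason, path in scan(tmp):
            print(reason, path)
```

On a real system, pass the drive root (for example the C: drive) to `scan` instead of the constructed tree.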