VBScript Hit by Strange Exploit -- Redmond Channel Partner

Barney's Blog

VBScript Hit by Strange Exploit

If an e-mail directs you to a Web site, and that Web site asks you to push the F1 key -- don't! This is a new attack that takes advantage of a flaw in VBScript running on IE and Windows 2000, 2003 or XP, and if successful, can run malicious code on the attacked computer.

I can't remember ever being asked to hit the F1 key by a Web site, and I doubt you IT pros would fall for this either. But tricks like this fool novices all the time. In fact, I had a boss at an IT publication who thought someone was in love with him...and he unleashed the I Love You virus on his entire operation.

Have you or anyone in your IT group ever spread a virus? Come clean at dbarney@redmondmag.com.

Posted by Doug Barney on March 03, 2010 at 9:57 AM

Share this Page

Reader Comments

Fri, Mar 5, 2010 BWJ Texas

Wow, I think Ethel may have worked for the same company I did in the late 90's. I remember when the I Love You virus hit our company. A user opened an email from someone that said I love You - because I guess he thought someone besides his wife loved him.... Being a somewhat conscientious user, he was wary and called a senior IT staff person over to look at it. He told the senior IT staff person that he opened the attachment. The senior IT staff person deleted the email and said "Looks like you're OK now!". When the senior staff person came by to tell us about the dumb user opening the vbs attachment in the email and laugh about it, but didn't say he looked for any scripts running or any other changes, I got a little worried. So when I went down to look, sure enough, the SENIOR IT staff person had missed the fact that there were several instances of the vbscript running. We ended up shutting down email until we got it cleaned out. Which, if I remember correctly took most of the day. Almost forgot to mention that the SENIOR IT staff person also opened the attachment and "decided it didn't do anything". Luckily everyone really liked that senior IT staff person and we just gave him a hard time about it forever more. He did change his ways though..... Oh, the fun times!

Thu, Mar 4, 2010 Ted W Colorado

It was many years ago, a new guy in our IT department was tasked with making and mailing a floppy with the new antivirus software to all remote offices and users. He sent a virus-infected disk!

Wed, Mar 3, 2010 Ethel

One of the more senior helpdesk guys I worked with quite some time ago once opened an email from a user in the company who thought he had been emailed a virus. Of course, for simplicity, he had forwarded the suspicious email (with attachment). The helpdesk guy ran the executable to check that it was indeed a virus. Seeing strange behaviour and agreeing with the user that it was, in fact, a virus, he then forwarded the email on to all the helpdesk staff, warning them about it. They also had to check what the executable did, so by the time security got involved, it had spread across the company!