Vulnerability Development mailing list archives
Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs
From: puppet () DYNAMSOL COM (Daniel S. Otis-Vigil)
Date: Thu, 11 May 2000 22:19:24 -0600
What's to stop a trojaner from just replacing wscript.exe and or cscript.exe with their own copy that always authenticates? -----Original Message----- Subject: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs I have users that are not willing to remove their wscript and cscript links.:-( I would like to see any time a *.vbs try to run a pgp checksum is sent to a PKI or LDAP server to be authenticated. Any program that fails will be send to the sysadmin. This should be easy because most users do not write there own vb scripts. I can see two or three ways of doing this. 1.) Simple rename wscript.exe to wscript.obj The write a program to be wscript.exe replacement that sends for authentication. The send the ole to the wscript.obj. 2.) Has MS open up the source code to wscript and cscript so we can rewrite are own. 3.) If MS add this themselves. <--- I do not thing this will happen because they said it's not our problem, NOT A BUG it is a feature. I also would like this to be expandable to all binary!!!!! If we are going to stop all virus and worms this is the best way I can think or.
Current thread:
- Sendmail vs *.vbs Todd Garrison (May 07)
- Re: Sendmail vs *.vbs Mariusz Woloszyn (May 08)
- WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 11)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Blue Boar (May 11)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Daniel S. Otis-Vigil (May 11)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 12)
- WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 11)
- Re: Sendmail vs *.vbs Mariusz Woloszyn (May 08)
- Re: Sendmail vs *.vbs Sean A. Walberg (May 08)
- Re: Sendmail vs *.vbs Gert-Jan Hagenaars (May 08)
- Re: Sendmail vs *.vbs Sean A. Walberg (May 08)
- <Possible follow-ups>
- Re: Sendmail vs *.vbs Mark Tinberg (May 08)
- Re: Sendmail vs *.vbs Mariusz Woloszyn (May 08)