SC - Re: [triheralds] e-mail woes

Siegfried Heydrich baronsig at peganet.com
Wed May 24 06:54:02 PDT 2000 

    OK, if you REALLY, REALLY want to make sure you CAN"T get this bug,
there's a REALLY easy fix. Turn off the MS scripting host, and .vbs files
cannot execute. The procedure for doing this is really straightforward, and
the only downside is that you won't get a lot of the nifty stuff on the
graphic intensive websites and such, and attachments will have to be
manually accessed. But if you're more concerned with working on your machine
than surfing, this is a good way to protect yourself. Here it is for the
truly paranoid.

    Go to Control Panel
    Go to Add/Remove Programs
    Click the Windows Setup tab
    Click Accessories in the Components box ONCE (so it's highlighted)
    Click the Details box
    Scroll down until you see Windows Scripting Host
    Click the box OFF (empty)
    Click OK (box will close)
    Click Apply
    Click OK
    Reboot your system

    That's it, you're done - the ILOVEYOU bug and all its variants will have
absolutely no effect on your system unless you do something exceptionally
dumb. There are still OTHER things that can getcha, but this whole class of
worm is neutralized.
    Bear in mind that I've been talking with some of the guys at Symantec
(Norton's), and I'm being told that viruses can be vectored to literally
everywhere on the planet in less that 12 hours, and there's absolutely NO
way they can respond with prevention and/or fixes in that amount of time.
Also, the newer bugs are polymorphic, which means they modify themselves
each time they replicate, in order to mask their profiles. This renders most
AV filters useless.
    What has been our salvation thus far is that the people releasing these
things are idiots, who aren't as much malicious as just plain old assholes.
But when the really nasty people start getting into it, watch out!

    Sieggy


> Hi, folks.
>
> Had to share -- with the ILOVEYOU virus and the variations that it has
> spawned, my sysads at work have gone well into the panic mode and have
> completely shut down all access to incoming internet e-mail. That is,
> unless your e-mail address is @gentiva.com I can't get your mail. Seems
> like an over reaction, but since we have been infected two distinct times
> (once by the CEO and once by a VP) they have cause to worry. If you have
> my work e-mail and have attempted to send me any messages in the last
> week, do not assume that I've received them unless I've actually
> responded.
>
> In addition, this account @typhoon has had major problems with disk space
> and connectivity. I have lost all of my "sent-mail" file (the last two
> months of archived outgoing mail) and my "ensign" file (including several
> kingdom-level ongoing commentary files). So if you are waiting for a
> response from me regarding such commentary, you may wish to resend your
> request.
>
> Further, due to the connectivity issues there may be a bit of delay in my
> receiving and responding to new e-mails. Please be patient while the
> authorities involved are attempting to resolve these issues.

More information about the Sca-cooks mailing list