RE: mod to "killblast.vbs" script

From: Rob Shein (shotenat_private)
Date: Mon Aug 18 2003 - 14:40:48 PDT

Next message: Andrej: "DCOM bot.rar"

Previous message: Jonathan A. Zdziarski: "document_all.pif"
In reply to: Ansgar Wiechers: "Re: mod to "killblast.vbs" script"
Next in thread: Henderson, Dennis K.: "RE: mod to "killblast.vbs" script"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Only if that's how Blaster works too.  The point here isn't to use proper
programming practices, but to copy the practices used by the worm.

> -----Original Message-----
> From: Ansgar Wiechers [mailto:bugtraqat_private] 
> Sent: Saturday, August 16, 2003 2:38 PM
> To: Laudie, Enoch A.
> Cc: incidentsat_private
> Subject: Re: mod to "killblast.vbs" script
> 
> 
> On 2003-08-14 Laudie, Enoch A. wrote:
> > The recently posted "killblast.vbs" script needs a slight mod.
> > 
> > This line:
> > 
> > fso.DeleteFile "c:\winnt\system32\msblast.exe"
> > 
> > should be
> > 
> > fso.DeleteFile "c:\winnt\system32\msblast.exe", true
> > 
> > so as to delete "read only" files also.
> 
> To make an additional suggestion:
> 
> I am not familiar with VBS, but I assume that one could use 
> environment variables with it, too, so I guess it would be a 
> good idea to use "%SystemRoot%" instead of "C:\WINNT".
> 
> Regards
> Ansgar Wiechers
> 
> --------------------------------------------------------------
> -------------
> Captus Networks - Integrated Intrusion Prevention and Traffic 
> Shaping  
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Automatically Control P2P, IM and Spam Traffic
>  - Ensure Reliable Performance of Mission Critical Applications
>  - Precisely Define and Implement Network Security and 
> Performance Policies **FREE Vulnerability Assessment Toolkit 
> - WhitePapers - Live Demo Visit us at: 
> http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
> --------------------------------------------------------------
> --------------
> 
> 


---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
 - Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: 
http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
----------------------------------------------------------------------------

Next message: Andrej: "DCOM bot.rar"
Previous message: Jonathan A. Zdziarski: "document_all.pif"
In reply to: Ansgar Wiechers: "Re: mod to "killblast.vbs" script"
Next in thread: Henderson, Dennis K.: "RE: mod to "killblast.vbs" script"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 10:49:27 PDT