Visual Basic Script files can be used for malicious purposes; particularly in the role of worms.
Microsoft® Visual Basic® Scripting Edition, a subset of the Microsoft Visual Basic programming language, is a fast, portable, lightweight interpreter for use in World Wide Web browsers and other applications that use Microsoft ActiveX® Controls, Automation servers, and Java applets.
Basically, think about VBScript as a super batch language. VBScript is an interpreted language (so scripts are really the source code for whatever needs to be done). Scripts can be embedded into such things as Web pages or can be standalone files (with the extension .VBS usually).
If you’ve got Microsoft’s Internet Explorer 5 (or later) browser on your system it’s likely you also have the Windows Scripting Host (WSH) which is the program used to interpret and run VBS scripts.
Even though VBScript is a scaled down language it is quite capable and can be used to, for example, connect to Microsoft’s Outlook mail routines and send files to anyone in your address book. This, of course, makes it possible for VBScript to be a language used by worms to spread themselves.
VBScript can be disabled on your system. We have a page that tells you how to do this if you wish. [Update for XP and Vista]
In addition to disabling VBScript consider using a browser where script running can be controlled. One example of this would be the Firefox browser with the NoScript add-on. NoScript intercepts the HTML coming in and disables all commands to run things by default unless you approve the page. You can approve the whole page or just scripts from particular sources.
- VBScript is a language that can easily be used to create worms that send themselves and possibly files from your computer to others on the Internet.
- Consider turning scripting off to prevent your accidentally running a malicious script.
|What Viruses Infect|