
VBS worms: Still dangerous?

VBS worms were a top security concern in the early 2000s. Should enterprises still be worried? Nick Lewis explains.

Are VBS worms still a significant problem on the Internet? Are there configuration changes that can be made in Windows to thwart them?

The Visual Basic script (VBS) worms of the early 2000s have largely passed into history. Cybercrime today is more profit-motivated than it was in the days of malware such as the ILOVEYOU virus from 2000, which essentially just deleted .jpg and MP3 files from a user's hard drive. When opened, the virus also re-sent the message to everyone in the recipient's address book; as a result, many email systems were overloaded with malicious email and had to be disconnected from the Internet. These attacks were reportedly created to steal login usernames and passwords to be used for Internet access.

Current malware authors are more focused on profiting from their malware via ransomware or botnets. Modern malware rarely uses VBS, but some malware has used WMI or PowerShell scripting. In most cases, neither WMI nor PowerShell is automatically executed when a user clicks on or views an email, as VBS was in the 2000s. (Note: VBS should not be confused with JavaScript, or JS, scripts that are attacked in Web browsers.)

The criminals behind the VBS worms of the 2000s most likely made very little money from them; the ones who profited were the consulting companies called in to eradicate the worms. The viruses resulted in a significant amount of attention being spent on investigating the malware and catching the authors. The current attack that could be considered closest to the VBS malware of the 2000s is a distributed denial-of-service attack, which uses botnets made up of a large number of compromised systems to overwhelm a targeted system's network.

Fortunately, email security systems have advanced significantly since the VBS malware of the 2000s. Host-based security has also improved; typically, VBS and other scripting functions are not enabled by default to execute from an email. VBS via wscript.exe is still supported on Windows 8, but Microsoft is encouraging the use of PowerShell for scripts. PowerShell requires scripts to be signed before they will execute, which can help prevent most malware that relies on malicious scripts.
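
As an added example (not part of the original article and not Microsoft tooling), the following read-only PowerShell audit reports the settings that decide whether a script file can run on a host: the Windows Script Host `Enabled` registry value, the program associated with `.vbs` files, and the PowerShell execution policy at each scope. The function names are hypothetical, and the registry path is the standard Windows Script Host settings key, which the article does not name.

```powershell
# Added example: read-only audit of script-execution settings on one Windows host.
# Assumptions: function names are hypothetical; the registry path is the standard
# Windows Script Host settings key, which the article itself does not name.

function Get-WshState {
    # WSH refuses to run scripts when "Enabled" is 0; a missing value means enabled.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path    = "${hive}:\SOFTWARE\Microsoft\Windows Script Host\Settings"
        $value   = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        $shown   = if ($null -eq $value) { '(not set)' } else { "$value" }
        $finding = if ("$value" -eq '0') { 'WSH disabled at this scope' } else { 'WSH not disabled at this scope' }
        [pscustomobject]@{ Check = "WSH Enabled ($hive)"; Value = $shown; Finding = $finding }
    }
}

function Get-VbsHandler {
    # Program launched when a user opens a .vbs file (machine-wide association).
    $type    = (cmd /c 'assoc .vbs 2>nul') -replace '^\.vbs=', ''
    $cmd     = if ($type) { (cmd /c "ftype $type 2>nul") -replace '^[^=]+=', '' }
    $shown   = if ($cmd) { "$cmd" } else { '(none)' }
    $finding = if ($cmd -match '(?i)[wc]script\.exe') { 'Opening a .vbs file executes it' } else { 'Opening a .vbs file does not start the script host' }
    [pscustomobject]@{ Check = '.vbs open handler'; Value = $shown; Finding = $finding }
}

function Get-PsPolicyState {
    # Only AllSigned demands a signature on every script; RemoteSigned demands one
    # only on scripts marked as downloaded.
    foreach ($p in Get-ExecutionPolicy -List) {
        $finding = switch ("$($p.ExecutionPolicy)") {
            'AllSigned'    { 'All scripts must be signed' }
            'RemoteSigned' { 'Downloaded scripts must be signed' }
            'Restricted'   { 'No script files run' }
            'Undefined'    { 'No policy set at this scope' }
            default        { 'Unsigned scripts run' }
        }
        [pscustomobject]@{ Check = "PS policy ($($p.Scope))"; Value = "$($p.ExecutionPolicy)"; Finding = $finding }
    }
}

# Collect all three checks into one table for review.
@(Get-WshState) + @(Get-VbsHandler) + @(Get-PsPolicyState) | Format-Table -AutoSize -Wrap
```

The script changes nothing on the host; it only reads the registry, the file association and the execution policy so the results can be compared against the organization's baseline.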


This was last published in June 2014
