Watch out for this new phish.

Beware! There’s a new phishing attack brewing. This new attack is directed at online banking users. It runs a script just from opening the infected email, so no longer is it necessary to click on a bogus link in order to end up on a phishing site. The script rewrites your host file so that you are directed to the fraudulent phishing site instead of to your banking site. There, you will unknowingly give the phishers all of your electronic banking login details.

Only systems that have Windows Script Host (WSH) enabled are vulnerable to this attack. WSH lets you run VBScripts and JScripts in the Windows operating system. I strongly suggest that you immediately check to make sure that WSH is disabled on your system. Here’s how:

Windows 98:

Select Start -> Settings -> Control Panel -> Add/Remove Programs -> Windows Setup -> Accessories. In the Accessories list find the Windows Scripting Host item and uncheck it. Click Ok, then Ok again.

Windows 95/NT/2000/Me/XP/2003:

For NT/2000/XP/2003 systems you need administrator rights to make the necessary changes. Specifics will vary slightly and there are multiple ways to get to the right screen but, basically what you need to do is open My Computer -> View -> Options -> File Types, find the VBS and/or VBScript Script File entry and delete it. If you need to run scripts you can create a command file to prompt first before running a script and substitute the WSCRIPT Open with your command.