Ident FAQ
Windows Ident
Macintosh Ident
Unix Ident
Microsoft ICS
Proxies & Firewalls
Routers
Security Check
Akill Information
Specific Fixes
Contact Us

ROL.vbs Exploit

Rol.vbs is a common exploit which propagates through insecure web browsers. It works by exploiting a weakness in Internet Explorer's handling of ActiveX controls, allowing a malicious website to write and execute files on your machine without warning or permission.

To find out if you are vulnerable to this particular IE weakness, hit the test button below. This will attempt to exploit the same vulnerability as rol.vbs but WILL NOT execute any harmful code. It will perform the following tests :

Write access - The page will attempt to write vbstest.vbs to the root of drive c. This file contains one line :

MsgBox "You are vulnerable to Internet Explorer exploits!",16,"WARNING"

Execute access - The page will attempt to execute the file written previously. If this suceeds, the following message will be displayed.

If your system is not vulnerable, you will either see no message at all or receive an error message that looks something like this (depending on IE version, Windows version, patch level and other things) :

Test my system now!

What Does rol.vbs do?

The effects of rol.vbs differ depending on the particular version of the exploit you have encountered. All varitions so far discovered make use of mIRC's scripting capabilities to relay information from your computer to others as well as enabling unathorized users to upload and download files from your PC.

You should note that the capabilities of this exploit are limited only by the ingenuity of the creators, as they have full write and execute access to your disk it's perfectly possible to use the same IE vulnerability to plant a far more damaging trojan or even a destructive virus.

Most modern anti-virus utilities detect at least some of the variations of rol.vbs but because the vulnerability behind this exploit is so severe they should not be relied on for complete protection against all possible threats. Users are advised to either cease using Internet Explorer altogether, uninstall Windows Scripting Host (or re-associate the .vbs extension with something like notepad) and remove the 'Safe for Scripting' flag from ActiveX controls or visit www.windowsupdate.com and get all the latest secutity updates for your system.