Microsoft Set to Retire Grunge-Era VBScript, to Cybercrime's Chagrin

Popular malware like QakBot and DarkGate rely on VBScript, which dates back to 1996 — but their days are numbered now that Microsoft is finally deprecating the Windows programming language.

"Future Retiree" US  social security card
Source: Zoonar GmbH via Alamy Stock Photo

Microsoft announced this week that it's deprecating the timeworn VBScript — bad news for cybercriminals, for whom it's a favorite tool.

In future releases of Windows, VBScript will be available only as a feature on demand; and eventually, it will be removed from the operating system altogether.

The VBScript programming language, short for Visual Basic Script, is nearly 30 years old, having been introduced in the mid-90s as a lightweight way to natively generate programming scripts. But like grunge fashion and Neve Campbell movies, its pre-Y2K moment in the sun is long past.

Yet cybercriminals continue to use it as an avenue for initial access to targets, especially since Microsoft started blocking macros by default. Threat actors quickly discovered after its release that they could create malicious VBScripts that would run natively and unquestioned on Windows machines, which could help them smuggle in any number of remote access Trojans, downloaders, and more.

An early example of this was the "ILoveYou" worm from 2000, but more recent malware "gettin' VBS-y wit' it" (to malaprop another mid-90s sensation) include Emotet, QakBot, and DarkGate.

That class of malware's days now appear to be numbered.

"Initially, the VBScript feature on demand will be preinstalled to allow for uninterrupted use while you prepare for the retirement of VBScript," according to the official announcement from Redmond. In other words, for the interim period before full discontinuation, it will be disabled by default, but users can choose to turn it on if they wish.

Microsoft didn't provide a timeline for when it plans full removal of the tool.

About the Author

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights