rswc90
Lieutenant
 Premium Member
 Joined: Sep 10, 2003 Posts: 265 Location: USA
Posted: Sat Nov 06, 2004 9:32 pm Post subject: phishing question
I received this email and want to know if it's true. Can anyone tell me if I should disable this scripting?
Thanks!
-------------------------
This new danger is a phishing attack. Phishing is computer slang for attacks in which criminals pretend to be a bank or other institution.
They try to trick you into giving up your password and user name.
Most people have learned not to fall for this. But this new attack could fool the most careful people. Here's how it works:
The criminals send you an e-mail (spam). When you open the e-mail, a small program called a script runs. Note that you only need to open the e-mail; there is no attachment.
The scripting program goes to your HOSTS file, located deep in your computer. The actual path in Windows XP is:
C:\Windows\System32\Drivers\Etc\HOSTS
It enters your bank's Web address--for instance, www.YourBank.com--in the HOSTS file. It also enters an Internet Protocol (IP) number for the criminals' address.
The next time you need to surf to your bank, you attempt to go to www.YourBank.com. When you enter that address, or any other address, the browser first goes to the HOSTS file to find the IP number. If it isn't there (it normally would not be), it goes to a special computer on the Internet to find the IP number.
However, the criminals have put your bank's address in the HOSTS file, along with their IP number. So you are automatically sent to that IP number, which is the criminals' computer. It looks like the bank's Web site, so you enter your user name and password. That gives the criminals the information they need to enter your account and steal your money.
How can you protect yourself? Some anti-virus programs guard against this kind of thing; others do not. To be safe, you must disable your computer's scripting ability. To do that:
--In Windows XP, click Start > My Computer. Click Tools > Folder Options.
Select the File Types tab. Click File Types, then scroll to and click VBScript Script File. Click Advanced. In the Actions box, click Open.
Click Remove.
If you need to restore scripting, click New. Put Open in the Action box. In the next box, click Browse. Find wscript.exe in C:\Windows\System32. Double-click it.
-----------------------------
TobyR
Cadet

 Joined: Nov 06, 2004 Posts: 5 Location: UK
Posted: Sun Nov 07, 2004 7:51 pm Post subject:
The e-mail sounds genuine, but I'm not sure whether or not these days by default e-mail clients do allow such scripts to be automatically run by e-mails. If you are reluctant to make any internet options changes then to protect yourself against this specific threat you could make the 'hosts' file read-only.
Ikeb
Special Response Team Forums Admin
 Joined: Apr 20, 2003 Posts: 16536
sfpdiaspora
Cadet

 Joined: Dec 17, 2004 Posts: 3 Location: USA
Posted: Sat Dec 18, 2004 5:02 am Post subject:
Actually, there are some really evil trojans that I've come across that modify /etc/hosts...but as far as I know this is impossible without actually running an application to do this.
It is true that this is the most dangerous scenario because you could in actuality be going to www.citibank.com in your browser, but since your computer checks HOSTS before actually resolving any domain names, you could be redirected to a phishing site without knowing it.
I think you can delete the /etc/hosts file but I'm not sure...I'll look into it. By default it's empty except for mapping localhost to 127.0.0.1 or something.
Mike
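
Added example, not part of any post in this thread: a small Python audit of HOSTS file contents that flags the kind of entry the e-mail describes, a real hostname pinned to an address that is neither loopback nor 0.0.0.0. The sample file, the address 203.0.113.10 (a documentation range), the `watchlist` parameter and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: default-style entries plus one injected mapping.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.YourBank.com YourBank.com   # injected line
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def suspicious_entries(text, watchlist=()):
    """Return findings for names pinned to a non-loopback, non-0.0.0.0 address.

    watchlist: hostnames (case-insensitive) that should never appear in the
    file at all, e.g. the sites you log in to.
    """
    watch = {w.lower() for w in watchlist}
    findings = []
    for line_no, ip_str, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            findings.append((line_no, ip_str, names, "unparseable address"))
            continue
        for name in names:
            if name.lower() in watch:
                findings.append((line_no, ip_str, [name], "watched name overridden"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, ip_str, [name], "non-loopback override"))
    return findings

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS, watchlist=["www.yourbank.com"]):
        print(finding)
```

To check a real machine, pass the contents of C:\Windows\System32\Drivers\Etc\HOSTS (or /etc/hosts) to `suspicious_entries` instead of the sample text.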