WSH can execute scripts written in many programming languages. Out of the box, it runs JScript and VBScript, but other languages, such as Perl and Python, can also be installed.
JScript is Microsoft’s version of JavaScript. Unlike the JavaScript that runs inside a web browser, JScript runs inside Windows and, compared to browser-based JavaScript, has additional, potentially dangerous, features.
Back in June, I wrote about defending a Windows computer from malicious JScript email attachments that install malware.
Last month, Trend Micro wrote that they have started seeing malicious VBScript and WSF files:
In June and August, it appears Locky’s operators switched to using JavaScript attachments. However, this type of attachment is also known to download other ransomware families such as CryptoWall 3.0 and TeslaCrypt 4.0. We also noticed Locky employing VBScript attachments, likely because this can be easily obfuscated to evade scanners. Around mid-July to August, we started seeing Locky’s spam campaign using Windows Scripting file (WSF) attachments—which could explain how WSF became the second file type attachment most used by threats.
WSF files are chic and trendy.
Last week, Symantec confirmed the popularity of malicious WSF files. 
Symantec has seen a major increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments over the past three months. Ransomware groups in particular have been employing this new tactic… between October 3 and 4, Symantec blocked more than 1.3 million emails bearing the subject line “Travel Itinerary.” The emails purported to come from a major airline and came with an attachment that consisted of a WSF file within archive. If the WSF file was allowed to run, Locky was installed on the victim’s computer… Over the past number of months, Symantec has noticed a significant increase in the overall numbers of emails being blocked containing malicious WSF attachments. From just over 22,000 in June, the figure shot up to more than 2 million in July. September was a record month, with more than 2.2 million emails blocked.
There are two defensive tactics against malicious script files: disabling the WSH component altogether and configuring Windows to open WSH files with Notepad rather than the Windows Script Host component.
Forcing Windows to open WSH files in Notepad is fairly simple and I described the procedure back in June for Windows 7, 8.1 and 10. If you prefer this option, be sure to do it for all five types of files. 
Interestingly, Windows Explorer displays very different information for these file types depending on whether they are processed by Notepad or WSH. Before changing anything, it looks like this: 
Windows Explorer when WSH processes the five types of script files
After configuring Notepad to open these files, they are no longer “script” files, they are just files. 
Windows Explorer when Notepad processes the five types of script files
With that in mind, disabling WSH entirely is a much bigger hammer. Disabling it is the strongest option available, as WSH cannot be uninstalled.
According to Trend Micro, the registry value is a REG_DWORD called “Enabled”, and it needs to be set to zero. To disable WSH for the current Windows user, add the value under
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\
To disable it system-wide, add the value under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\
You can verify that WSH is disabled from the command prompt with the cscript and wscript commands.
What the wscript command looks like after WSH has been disabled
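The registry change and the cscript check described above, as an added PowerShell example (not code from Trend Micro or from the original article). The registry paths and the “Enabled” REG_DWORD are the ones given above; the function names, the temporary probe file and its marker string are assumptions of this example.

```powershell
# Added example: audit, set and verify the WSH "Enabled" value.
# Function names and the probe marker are this example's own (hypothetical).
$WshKeys = @{
    User    = 'HKCU:\Software\Microsoft\Windows Script Host\Settings'
    Machine = 'HKLM:\Software\Microsoft\Windows Script Host\Settings'
}

function Get-WshSetting {
    # Report "Enabled" in both hives; $null means the value is not present.
    foreach ($scope in 'User', 'Machine') {
        $prop = Get-ItemProperty -Path $WshKeys[$scope] -Name Enabled -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Scope   = $scope
            Enabled = if ($prop) { $prop.Enabled } else { $null }
        }
    }
}

function Disable-Wsh {
    # Scope 'Machine' writes to HKLM and needs an elevated session.
    param([ValidateSet('User', 'Machine')][string]$Scope = 'User')
    $key = $WshKeys[$Scope]
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-WshBlocked {
    # Run a harmless one-line script through cscript. If its marker comes
    # back, WSH still executes scripts for this user.
    $probe = Join-Path $env:TEMP ("wsh-probe-{0}.vbs" -f [guid]::NewGuid())
    Set-Content -Path $probe -Value 'WScript.Echo "WSH-PROBE-RAN"' -Encoding Ascii
    try {
        $output = & "$env:SystemRoot\System32\cscript.exe" //nologo $probe 2>&1 | Out-String
        return ($output -notmatch 'WSH-PROBE-RAN')
    } finally {
        Remove-Item $probe -Force -ErrorAction SilentlyContinue
    }
}

Get-WshSetting | Format-Table -AutoSize      # state before the change
Disable-Wsh -Scope User                      # use -Scope Machine for system-wide
Get-WshSetting | Format-Table -AutoSize      # state after the change
"WSH blocked for this user: $(Test-WshBlocked)"
```

Running the probe rather than only reading the registry confirms the setting is actually honored, which is the same check the cscript and wscript commands provide by hand.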
All this said, is it really worth the trouble? If you read email on a Windows computer, do yourself a favor and use a different operating system, at least for email.
