The major disadvantage of VBScript is that it is not cross browser platform, but if you look at the previous post about the Samy worm you can see that this really doesn’t change things much as the Samy worm also wasn’t cross browser. Just getting the bulk of users to execute a vulnerability is the real meat of the issue. This is one reason why I use Windows and Internet Explorer regularly. Knowing what the vast majority of users are going to be vulnerable to is critical to shutting down the holes. Nice job, Awesome Andrew!