JS.Fortnight.C

JS.Fortnight.C is a Trojan Horse that drops a file, which is then inserted into the default signature of Microsoft Outlook Express. Following this, every time you send email using Outlook Express, the message will contain code that will attempt to go to a specific Web site when the recipient opens the email message.

JS.Fortnight.C exploits a Microsoft VM vulnerability using IFRAME tags, with the SRC field set to the address of the Trojan's creator. After a series of redirections, an encoded JavaScript will load an applet containing the exploit. On unpatched systems, various registry keys and Web browser settings will be modified.

NOTE: Virus definitions dated prior to July 3, 2003 may detect some files as JS.Fortnight.

Protection

• Initial Rapid Release version July 3, 2003
• Latest Rapid Release version July 12, 2008 revision 018
• Initial Daily Certified version July 3, 2003
• Latest Daily Certified version July 12, 2008 revision 019
• Initial Weekly Certified release date July 9, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 50 - 999
• Number of Sites: More than 10
• Geographical Distribution: Medium
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Low

Distribution

• Distribution Level: Medium