JS.Fortnight

JS.Fortnight is a worm that replaces the user's default Outlook Express signature file with one containing a link to a website hosting the worm's code in a hidden iframe. This website exploits the Microsoft Virtual Machine com.ms.activeX.ActiveXComponent Arbitrary Program Execution Vulnerability (Microsoft Security Bulletin MS00-075, Bugtraq ID 1754), allowing the worm to execute on the local system.

The worm's payload simply resets the Internet Explorer and Netscape Navigator home pages to an adult website and adds three links to the Favorites folder.

Protection

• Initial Rapid Release version pending
• Latest Rapid Release version pending
• Initial Daily Certified version pending
• Latest Daily Certified version pending
• Initial Weekly Certified release date pending

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.