- May 14, 2002
- May 15, 2002 2:21:34 PM
- Windows 98, Windows 95, Windows Me, Windows NT, Windows 2000
JS.Fortnight is a worm that replaces the user's default Outlook Express signature file with one containing a link to a website hosting the worm's code in a hidden iframe. This website exploits the Microsoft Virtual Machine com.ms.activeX.ActiveXComponent Arbitrary Program Execution Vulnerability (Microsoft Security Bulletin MS00-075, Bugtraq ID 1754), allowing the worm to execute on the local system.
The worm's payload simply resets the Internet Explorer and Netscape Navigator home pages to an adult website and adds three links to the Favorites folder.