- May 14, 2002
- May 15, 2002 2:21:34 PM
- Windows 98, Windows 95, Windows Me, Windows NT, Windows 2000
JS.Fortnight is a worm that replaces the user's default Outlook Express signature file with one containing a link to a website hosting the worm's code in a hidden iframe. This website exploits the Microsoft Virtual Machine com.ms.activeX.ActiveXComponent Arbitrary Program Execution Vulnerability (Microsoft Security Bulletin MS00-075, Bugtraq ID 1754), allowing the worm to execute on the local system.
The worm's payload simply resets the Internet Explorer and Netscape Navigator home pages to an adult website and adds three links to the Favorites folder.
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.