Posted: 21st Jun, 2003 By: Anne
Three years after Microsoft released a patch for the loophole this worm uses in OE, it's still here and spreading a new porn payload. We have received reports that a new variant of the Fortnight F worm is spreading via Outlook Express.
The new variant uses JavaScript and Java applets to spread via Outlook emails that are set to carry and read HTML.
A hidden web page link is built into the signature file of the email. Once the mail is opened the link is opened as well, and the computer downloads the worm code using a flaw in Microsoft VM ActiveX.
The worm attempts to change registry keys and adds three new favourites to its victim's browser: Nude Nurses.url, Search You Trust.url and Your Favorite Porn Links.url. The virus companies are releasing virus identity files for download from the web.
More @ VNUNet. The Microsoft patch is available here.