Fortnight worm redirects to porn sites
Published: 23 Jun 2003 10:55 BST
Failure to patch a three-year-old Microsoft vulnerability is leaving home and business users exposed to a JavaScript worm that redirects Internet Explorer to porn sites.
Increased infections from versions of the Fortnight JavaScript worm, which exploits a hole in Microsoft VM Active X, are being reported by some antivirus vendors.
Malicious code can be executed just by reading a message in an HTML-aware email client, meaning the user does not need to open an attachment to activate the virus. Those infected find their Explorer browser redirected to a 'naughty nurses' site and bookmarks and homepage reset to other porn sites.
Graham Cluley, senior technical consultant at Sophos, told silicon.com that although the Fortnight payload is more of an annoyance than a serious threat, it highlights the fact users have not patched a hole which could be exploited by a more malicious worm.
"We understand systems administrators are under pressure but this is a patch which has been out there for three years," he said.
Worms such as Fortnight are likely to increasingly target unpatched systems of home users as corporates become more aware of the importance of keeping patches up to date, according to Chris McNab, technical director at security consultancy Matta.
"The lesson is it is not just about patching your servers. It is about patching workstations, browsers, and pieces of software like Microsoft Office and Word. In the future as holes in server software like IIS get fewer and fewer you will find that these virus and worms out there will start to target the end user in a much more aggressive way -- like picking up on very small vulnerabilities in Internet Explorer."
A patch for the vulnerability can be found on Microsoft's Web site.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
13 out of 27 people found this useful
- Share this article:
