Discovered: October 24, 2003
Updated: February 13, 2007 12:12:35 PM
Also Known As: VBS/Flea-A [Sophos], JS/Flea@M [McAfee]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
JS.Fortnight.D is a Trojan Horse that drops a file, which is then inserted into the default signature of Microsoft Outlook Express. Following this, every time you send email using Outlook Express, the message will contain code that will attempt to go to a specific Web site when the recipient opens the email message.
JS.Fortnight.D exploits a Microsoft VM vulnerability using IFRAME tags, with the SRC field set to the address of the Trojan's creator. After a series of redirections, an encoded JavaScript will load an applet containing the exploit. On unpatched systems, various registry keys and Web browser settings will be modified.
Protection
-
Initial Rapid Release version October 24, 2003
-
Latest Rapid Release version October 24, 2003
-
Initial Daily Certified version October 24, 2003
-
Latest Daily Certified version June 17, 2008 revision 017
-
Initial Weekly Certified release date October 24, 2003
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Difficult
Damage
Distribution
-
Distribution Level: Medium
Writeup By: Douglas Knowles
