JS/Fortnight-B

Discussion in 'malware problems & news' started by FanJ, May 7, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    JS/Fortnight-B

    Type : JavaScript worm

    Description
    JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm.

    JS/Fortnight-B sets the following registry entries:

    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab
    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab to "1" and
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\ to "http://www.pixpox.com/cgi-bin/click.pl?url="

    JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites:

    Read more:
    http://www.sophos.com/virusinfo/analyses/jsfortnightb.html
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    See also the parallel dslreports thread where I have posted detailed info on this bug from: F-Secure, Symantec, Trend Micro, Computer Associates, and McAfee. ;)
     