JS/Fortnight-B

Discussion in 'malware problems & news' started by FanJ, May 7, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    JS/Fortnight-B

    Type : JavaScript worm

    Description
    JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm.

    JS/Fortnight-B sets the following registries:

    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab
    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab to "1" and
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\ to "http://www.pixpox.com/cgi-bin/click.pl?url="

    JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites:

    Read more:
    http://www.sophos.com/virusinfo/analyses/jsfortnightb.html
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    See also the parallel dslreports thread where I have posted detailed info on this bug from: F-Secure, Symantec, Trend Micro, Computer Associates, and McAfee. ;)
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.