Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » JS/Fortnight.E@m


Threat Risk LOW LOW
Destructivity LOW LOW
Payload Changes IE settings and the hosts file
Detection files published 01 Jul 2003 03:00:00
Description created 29 Jul 2003 05:55:00
Description updated 29 Jul 2003 06:00:00
Malware type WORM
Spreading mechanism EMAIL
Summary None



This mail worm does not come as an attachment as such. Instead infected mails contain a default HTML signature that contains an encrypted URL pointing to a malicious web page. This web page is automatically referenced upon opening of the mail. On this malicious web page there is a special Java applet that is designed to break the security in the Microsoft Java VM. If it achieves this, the worm will make a number of changes to the system. The most important of these is that a file containing the malicious URL (s.htm) is defined to be the default signature for mails sent through Outlook/Outlook Express.

Payload Details

The worm may make additional changes to the infected system; among others creates new internet shortcuts, and modifications to the "hosts" file.





Last Updated: 12 Nov 2015 11:06:14