Posted 21 June, 2003

The Fortnight virus uses a trick we haven’t seen for a while. Rather than using an attachment to spread, it uses an Outlook Express signature file, this means you only have to view the email to get infected. This was the trick used by the classic Kak Worm.

In many ways, this is a very effective way to spread. Because it is contained in legitimate emails, the usual methods of not opening attachments, avoiding strange subject lines and not reading mail from strangers are useless. It shows why you cannot assume mail from trusted sources is safe.

If infected the virus will add three new favourites to your browser: Nude Nurses.url, Search You Trust.url and Your Favorite Porn Links.url. It will also redirect certain web pages to the virus writers’ sites. To spread further it will become your email signature file.

This virus is completely avoidable, the weakness it exploits in Outlook Express and Internet Explorer was patched in October 2000. This virus shows why it is important to keep your system and your virus checker up-to-date. As most people have at least some protection, we don’t expect this one to cause many problems.

More information on the Fortnight virus is available at the following links.

http://www.vnunet.com/News/1141755

http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.b.html

http://www.sophos.com/virusinfo/articles/fortnight.html