Failure to patch a three-year-old Microsoft vulnerability is leaving home and business users exposed to a JavaScript worm that redirects Internet Explorer to porn sites. Some antivirus vendors are reporting increased infections from versions of the Fortnight JavaScript worm, which exploits a hole in Microsoft VM Active X. Malicious code can be executed just by reading a message in an HTML-aware e-mail client, meaning the user does not need to open an attachment to activate the virus. Those infected find their Explorer browser redirected to a ‘naughty nurses’ site and bookmarks and homepage reset to other porn sites. Graham Cluley, senior technical consultant at Sophos, told silicon.com that although the Fortnight payload is more of an annoyance than a serious threat, it highlights the fact users have not patched a hole which could be exploited by a more malicious worm. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.