Fortnight Worm Exploits Old Security Vulnerability

Sophos reminds users to get into the patching habit

Recent reports of users being hit by versions of the Fortnight worm (JS/Fortnight-D and JS/Fortnight-F) underline that many computers are still not being reliably patched against critical security vulnerabilities, according to Sophos Anti-Virus experts. Astonishingly, the worm exploits a vulnerability that Microsoft first issued a patch against almost three years ago (in October 2000).

Unlike many other email-borne viruses, the user does not have to open an attached file to activate the virus. The Fortnight JavaScript worm exploits a vulnerability in Microsoft VM ActiveX which makes it possible for malicious code to execute just by reading an message in an HTML aware email client.

“Most businesses today recognise that good, up-to-date anti-virus software is an essential part of the defence against malware threats,” said Graham Cluley, senior technology consultant for Sophos Anti-Virus. “However, it is not the complete solution. Additional steps such as ensuring your systems are up-to-date with the latest security patches are also important.”

Sophos recommends that customers monitor announcements from operating system, application and web server software vendors for details of new vulnerabilities found in their code. Many viruses have exploited loopholes in commonly used web browsers and email software to increase their chances of spreading effectively.

Loopholes are found in products on a weekly basis, some significant, some trivial. IT managers responsible for security should keep abreast of these loopholes and apply patches where appropriate before new viruses come along to exploit them. They should also consider subscribing to vulnerability mailing lists.

“Home users might consider checking out the services Microsoft offers at www.windowsupdate.com, which can scan home PCs for security vulnerabilities and suggest which critical patches need to be installed,” continued Cluley.