Fortnight.B
Threat LevelDamageDistribution

Effects 

Fortnight.B has the following effects:

• It modifies the autosignature in the e-mail messages sent through Outlook.
• It tries to connect to a web page with pornographic content.

Infection strategy 

Fortnight.B initially reaches computers in an HTML page. When this page is loaded, the Trojan creates the following files:

• S.HTM. This file is created in the Windows directory and is added to the autosignature of messages sent out fro Outlook Express. In this way, Fortnight.B attaches the malicious code to all the messages sent out.
• S.HTM opens a link to a pornographic web page, which contains the Trojan.
• HOSTS. This is an invalid Windows file create by the virus. The windows HOSTS file is used to associate host names such as IP addresses. The host file generated by the virus contains a list of URLs, which are associated to a false IP address. Click here to see some URLs with false addresses.
  Finally, Fortnight.B creates the following entries in the Windows Registry:
• HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Control Panel\ SecurityTab, "1"
• HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Control Panel\ AdvancedTab, "1"
  

Means of transmission 

Fortnight.B spreads via e-mail in the autosignature of outbound messages. As a result, the AutoSignature of all the outgoing messages will include a link to a web page with pornographic content.

To do this, Fortnight.B exploits a vulnerability that affects ActiveX controls.