You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Fortnight.D

 
Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

Fortnight.D has the following effects:

  • It modifies Outlook's autosignature in all e-mail messages sent from the affected computer.
  • In the Favorites folder it creates some links to web pages of erotic content:

    Nude Nurses.url
    Search You Trust.url
    Your Favorite Porn Links.url

Infection strategy 

Fortnight.D initially reaches computers in an HTML page. When this page is loaded, the Trojan creates the following files:

  • S.HTM. This file is created in the Windows directory and it is added to the autosignature of outbound messages. In this way, Fortnight.D adds the malicious code to all the messages sent out. This file opens a link to a pornographic web page, which contains the Trojan.
  • HOSTS.  This file is used to associate host names such as IP addresses. The host file generated by the virus contains a list of URLs, which are associated to false IP addresses. Click here to see some URLs with false addresses.

Finally, Fortnight.D modifies the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\ Identities\ %current user id%\ Software\ Microsoft\ Outlook Express\ 5.0\ signatures "Default Signature" = 0
  • HKEY_CURRENT_USER\ Identities\ %current user id%\ Software\ Microsoft\ Outlook Express\ 5.0\ signatures\ 00000000 "file" = C:\ WINDOWS\ s.htm
  • HKEY_CURRENT_USER\ Identities\ %current user id%\ Software\ Microsoft\ Outlook Express\ 5.0\ signatures\ 00000000 "name" = Signature #1
  • HKEY_CURRENT_USER\ Identities\ %current user id%\ Software\ Microsoft\ Outlook Express\ 5.0\ signatures\ 00000000 "text" = ""
  • HKEY_CURRENT_USER\ Identities\ %current user id%\ Software\ Microsoft\ Outlook Express\ 5.0\ signatures\ 00000000 "type" = 2
    By doing this, it adds the autosignature to the messages.
  • HKEY_CURRENT_USER\ Software\ Policies\ Microsoft\ Internet Explorer\ Control Panel "AdvancedTab"
  • HKEY_CURRENT_USER\ Software\ Policies\ Microsoft\ Internet Explorer\ Control Panel "SecurityTab"
    By doing this, it disables the Internet security options.

Means of transmission 

Fortnight.D spreads via e-mail hidden in the autosignature of outbound messages. As a result, the AutoSignature of all the outgoing messages will include a link to a web page with pornographic content.

Further Details  

Fortnight.D is written in Java Script  programming language. The file that carries out the infection is 136 bytes in size.