Increased infections from versions of the Fortnight JavaScript worm, which exploits a hole in Microsoft VM Active X, are being reported by some antivirus vendors.
Malicious code can be executed just by reading a message in an HTML-aware email client, meaning the user does not need to open an attachment to activate the virus. Those infected find their Explorer browser redirected to a 'naughty nurses' site and bookmarks and homepage reset to other porn sites.
Graham Cluley, senior technical consultant at Sophos, told silicon.com that although the Fortnight payload is more of an annoyance than a serious threat, it highlights the fact users have not patched a hole which could be exploited by a more malicious worm.
"We understand systems administrators are under pressure but this is a patch which has been out there for three years," he said.
Worms such as Fortnight are likely to increasingly target unpatched systems of home users as corporates become more aware of the importance of keeping patches up to date, according to Chris McNab, technical director at security consultancy Matta.
"The lesson is it is not just about patching your servers. It is about patching workstations, browsers, and pieces of software like Microsoft Office and Word. In the future as holes in server software like IIS get fewer and fewer you will find that these virus and worms out there will start to target the end user in a much more aggressive way -- like picking up on very small vulnerabilities in Internet Explorer."
A patch for the vulnerability can be found on Microsoft's Web site.
I am sure if I was subjected to this worm then my Spybot Search and Destroy program would pack it off to worm heaven along with any auto diallers, spybots, advertising bots etc. Many I know have been sucked in with "Trust C2 Media" rubbish and end up with Internet Re-Direction installed proggys like lop.com etc. This program bypasses the old fix of re-installing windows to get rid of it and a multitude of other unwanted plug-ins etc. Spybot Search and Destroy blows Adaware away and works fine on both win98se and winxp, and has so far disabled spyware within xp without crippling it like Adaware used to do. Highly recommended for getting rid of nasties, web history, registry changes, media player history and hidden tracks recorded for later retrieval by Bill & his trusted team. HIGHLY RECOMENDED for those either too lazy or ignorant of doing the right thing and patching Bill Gates flakey o/s's & decreasing the chances of these kiddie hacker maggots ruining your online fun.