Virus warning: Home users targeted by porn worm

Failure to patch a three-year-old Microsoft vulnerability is leaving home and business users exposed to a JavaScript worm that redirects Internet Explorer to porn sites.

Increased infections from versions of the Fortnight JavaScript worm, which exploits a hole in Microsoft VM Active X, are being reported by some antivirus vendors.

Malicious code can be executed just by reading a message in an HTML-aware email client, meaning the user does not need to open an attachment to activate the virus. Those infected find their Explorer browser redirected to a 'naughty nurses' site and bookmarks and homepage reset to other porn sites.

Graham Cluley, senior technical consultant at Sophos, told silicon.com that while the Fortnight payload is more of an annoyance than a serious threat, it highlights the fact users have not patched a hole which could be exploited by a more malicious worm.

"We understand systems administrators are under pressure but this is a patch which has been out there for three years," he said.

Worms such as Fortnight are likely to increasingly target unpatched systems of home users as corporates become more aware of the importance of keeping patches up-to-date, according to Chris McNab, technical director at security consultancy Matta.

"The lesson is it is not just about patching your servers. It is about patching workstations, browsers, and pieces of software like Microsoft Office and Word. In the future as holes in server software like IIS get fewer and fewer you will find that these virus and worms out there will start to target the end user in a much more aggressive way – like picking up on very small vulnerabilities in Internet Explorer."

A patch for the vulnerability can be found here.