Press Releases

Browse our press release archive

20 Jun 2003

Fortnight worm exploits old security vulnerability - Sophos reminds users to get into the patching habit

Recent reports of users being hit by versions of the Fortnight JavaScript worm underline that many computers are still not being reliably patched against critical security vulnerabilities. Astonishingly, the worm exploits a vulnerability that Microsoft first issued a patch against almost three years ago.

The recent reports of the JS/Fortnight-D and JS/Fortnight-F worms underline a serious security problem say Sophos experts.

The Fortnight JavaScript worm exploits a vulnerability in Microsoft VM ActiveX which makes it possible for malicious code to execute just by reading an message in an HTML aware email client. In other words, unlike many other viruses that travel via email, the user does not have to open an attached file to activate the virus.

However, Microsoft first issued protection against this vulnerability in October 2000 in Microsoft Security Bulletin MS00-075.

"Most businesses today recognise that good, up-to-date anti-virus software is an essential part of the defence against malware threats," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "However, it is not the complete solution. Additional steps such as ensuring your systems are up-to-date with the latest security patches are also important."

Sophos recommends that customers monitor announcements from operating system, application and web server software vendors for details of new vulnerabilities found in their code. Many viruses have exploited loopholes in commonly used web browsers and email software to increase their chances of spreading effectively.

Astonishingly even when security vulnerabilities are discovered, patched and publicised before they are exploited many people will not have applied the fix.

Loopholes are found in products on a weekly basis, some significant, some trivial. IT managers should keep abreast of these loopholes and apply patches where appropriate before new viruses come along to exploit them. Every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx. Other vendors offer similar services.

"Home users might consider checking out the services Microsoft offers at windowsupdate.microsoft.com, which can scan your home PC for security vulnerabilities and suggest which critical patches need to be installed," continued Cluley.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.