A Trojan horse reported Thursday inserts a file into the Microsoft Outlook Express signature, so that outgoing messages carry code that tries to access a specific Web site when the message is opened.

JS.Fortnight.B drops a file that is then inserted into the default Microsoft Outlook Express signature. Then, every time an email is sent using Outlook Express, the message will contain code attempting to open a specific Web site when the message is opened.

JS.Fortnight.B also changes the Internet Explorer security settings and configures the Web browser to add a specific URL to all URLs.

Technical details of the Trojan are on this Symantec page.

W32.Hawawi.Worm Spreads With Its Own SMTP Server

Some antivirus software vendors were issuing alerts Thursday for W32.Hawawi.Worm, which spreads through email, using its own SMTP server, and through ICQ, Yahoo Messenger, PalTalk, and KaZaA.

The email message has one of many different subject lines, such as:

'''*< Love Speaks it all >*'''
Co0o0o0o0oL
Fw:
Heeeeeeeeeeeeeeeey
Wussaaaaaaaap?
WoW But not for NoW
Why Do We FOk?

The messages have an attachment with a .pif extension, usually Hawawi.pif. W32.Hawawi.Worm overwrites all files that have specific extensions with zero-byte files. View them and other information here.
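A mail-gateway check for the traits described above, as an added example that is not part of the original article or any vendor's code. The function names, the quarantine policy and the sample messages are assumptions constructed for illustration; it keys on the .pif extension because the article says the subject varies and the filename is only "usually" Hawawi.pif.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines quoted in the article; it says these are only some of many.
ARTICLE_SUBJECTS = {
    "'''*< Love Speaks it all >*'''", "Co0o0o0o0oL", "Fw:", "Heeeeeeeeeeeeeeeey",
    "Wussaaaaaaaap?", "WoW But not for NoW", "Why Do We FOk?",
}

def is_pif(filename):
    """True for any name ending in .pif, ignoring case and the trailing
    dots/spaces that Windows drops when the file is saved."""
    return filename.rstrip(". ").lower().endswith(".pif")

def assess(raw_bytes):
    """Classify one raw message; returns {'quarantine': bool, 'reasons': [...]}."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # walk() visits nested MIME parts, so forwarded or wrapped attachments count.
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    for name in filter(is_pif, names):
        reasons.append("pif-attachment:" + name)
        if name.lower() == "hawawi.pif":
            reasons.append("article-filename")
    if str(msg["Subject"] or "").strip() in ARTICLE_SUBJECTS:
        reasons.append("article-subject")
    # The extension is the stable trait; subject and filename only corroborate,
    # so a listed subject such as "Fw:" never quarantines on its own.
    quarantine = any(r.startswith("pif-attachment:") for r in reasons)
    return {"quarantine": quarantine, "reasons": reasons}

def sample(subject, filename):
    """Build a constructed test message (not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed sample body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Heeeeeeeeeeeeeeeey", "Hawawi.pif"),
                        ("Quarterly report", "photo.jpg.PIF"),
                        ("Fw:", "notes.txt")]:
        print(subj, fname, assess(sample(subj, fname)))
```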

The worm, also known as Worm_Holar.D and W32/Holar.d@MM, can contain any of several messages. View them on this Trend Micro page.

Compiled by Esther Shein.