Dear echin,
Avast founds JS_Fortnight as JS:Seeker. There is a few of variant of JS:Seeker (or Forthnight). The original variant is quite old, ~half year. However, in the past time a few variants quickly emerged. For one of them Avast adopted JS:Fortnight name, too.
I'm reluctant to call the malware "top threat". It might spread rapid, but it's just an advertising trick. In the mail is an URL address pointing to an advertising site. The address might be in plain, in script or in encoded script. After opening the referenced site, ActiveX is runed that set the site as the browser's default site, and create a file with URL link and register it as MS Outlook Express default signature. Then, URL is attachet to all sent mails.
Problem with Seeker is that it's in fact just an URL link. The creation of a new "version" is quick and simple process. And in order to detect it, we need the sample. There is no possibility to detect is by a generic method - URL in mails are normal thing.
Karel
