Vincent Weafer, senior director of Symantec Corp.'s security response center, noted that Symantec received approximately 40,000 to 50,000 submissions of the JS.Exception exploit during the first quarter of 2002, making it number one on Symantec's list of most submitted malware for that time period. Vincent noted that the majority of the reporters were home users as opposed to corporations and said, "It is so prevalent because it is used quite commonly by the porn and online gambling industries (as well as mal-intended authors) to modify settings in Internet Explorer in an effort to get you to return to their sites." Vincent's advice is "to avoid sites that use this technique to modify your browser settings."
While changing default pages in Internet Explorer seems to be the preferred exploit, the vulnerability was also responsible for a mass-mailing email worm, VBS.Loding. That message was received via email with the subject "Computer Secrets !" and body text that read, "If you are using Win9x/Me, visit the following page will upgrade your pc performance. If you are not using Win9x/Me or don't want to upgrade your pc, only forward this page to your friends. Maybe your friends need it." The email included a link to a site that has since been shut down. While the link was active, following it ran the scripts contained on the web page, perpetuating the email's mass-mailing.
Perhaps the real significance of JS.Exception has less to do with what it can do or has done, and far more to do with people still being vulnerable to its tricks. After all, Microsoft initially released a patch for this vulnerability in October 2000, long before the vulnerability was exploited. This underscores both the need to apply security patches and home users' need to become more aware of security issues affecting their computers.
It should be a habit, at least monthly, to visit the Microsoft Windows Update site. Choose 'Product Updates' from the selection. Microsoft will then provide a list of updates needed or recommended for that particular system. Install any marked 'Critical' to ensure you are not vulnerable to the above exploit and a multitude of others. You should be as diligent about checking for and applying security patches as you hopefully are about checking for and applying antivirus scanner updates.