Name: JS/Coolnow-A Aliases: JS.Menger.worm Type: JavaScript worm Date: 14 February 2002 At the time of writing Sophos has received just one report of this worm from the wild. Description: JS/Coolnow-A is an MSN Messenger worm which exploits a vulnerability in Microsoft Internet Explorer. The body of the worm exists on a web page. When the page is viewed by a vulnerable user the worm will send a message to all the user's MSN Messenger contacts. The message will ask the recipient to visit the affected web page. The text of the message will vary according to the affected web page but may be similar to "Go to: http://<address of affected website>". The worm makes no modifications to a user's system. Microsoft has issued a security patch which secures against the vulnerability. It is available at Microsoft Security Bulletin MS02-005. Read the analysis at http://www.sophos.com/virusinfo/analyses/jscoolnowa.html
More links to information on variations of this exploit: http://www.securitynewsportal.com/c...gi?database=JanG.db&command=viewone&id=6&op=t http://www.computing.vnunet.com/News/1129244 http://www.newsbytes.com/news/02/174501.html Enjoy!