The "CoolNow" worm attacks MSN Messenger Users

14 Feb 2002
Virus News

Kaspersky Lab, an international data-security software developer, announces the detection of a new Internet worm going by the name of "CoolNow" that infects computers upon visiting malicious Web-sites and spreads using the popular MSN Messenger Internet-pager. At this time, several incidents of infection by this malicious code have already been reported. A malicious person initially places "CoolNow" on an anonymous Web-site and performs an advertising campaign (either via e-mail or any other means) to attract users. Upon visiting this site, a malicious Java-script is executed, which uses the "Frame Domain" security breach in Internet Explorer to imperceptibly infect the target computer. Then "CoolNow" gains access to the MSN Messenger and, on behalf of the computer owner, sends to all the recipients from the address book an invitation to visit the malicious Web-site. To date, 7 modifications of the worm have been detected using different Web-sites. Currently these are in the process of being eliminated to prevent the worm from spreading further. However, the original "CoolNow" code can be easily modified and linked to newly opened Web-sites. Considering this, Kaspersky Lab strongly advises users to urgently update their anti-virus software and install the Internet Explorer security patch available from Microsoft. This will ensure that not only current, but also future versions of the worm will not be able to infect your PC. Defense procedures thwarting "CoolNow" have already been added to the Kaspersky® Anti-Virus database. A more detailed description of this Internet worm can be found in the Kaspersky Virus Encyclopedia. Useful links: