My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

JS.Coolnow.B

MEDIUM
VERY LOW
4KB
(N/A)

Symptoms

- The script sends messages to users in MSN Messenger contact list.

Removal instructions:

The virus doesn't produce any damage, it doesn't install itself, so removal is not necessary. All you have to do is to close all instances of Internet Explorer.

Analyzed By

Mihaela Stoian BitDefender Virus Researcher

Technical Description:

The script exploits an Internet Explorer vulnerability. It is executed when a HTML page is loaded from the address: www.iespana.es/…./xtreme.htm.

The message Espera por favor… appears on the center of the page and another Internet Explorer page is opened. This page is minimized, with the title Cargando.... Through this page, the script sends messages to users in MSN Messenger contact list if the messenger is installed.

The text of the message is: "juAs! mira esto tio: www.iespana.es/…./xtreme.htm". Through a hidden form, it sends an email to an address using a script from a public site. This email contains the user name and the current date.

The script also tries to load a page from the same site:
http://www.iespana.es/…../pubp.htm