JS.Coolnow.B
MEDIUM
VERY LOW
4KB
(N/A)
Symptoms
- The script sends messages to users in the MSN Messenger contact list.
Removal instructions:
The virus does not cause any damage and does not install itself, so removal is not necessary. All you have to do is close all instances of Internet Explorer.
Analyzed By
Mihaela Stoian, BitDefender Virus Researcher
Technical Description:
The script exploits an Internet Explorer vulnerability. It is executed when an HTML page is loaded from the address: www.iespana.es/…./xtreme.htm.
The message "Espera por favor…" appears in the center of the page and another Internet Explorer window is opened. This window is minimized and has the title "Cargando....". Through this window, the script sends messages to the users in the MSN Messenger contact list, if Messenger is installed.
The text of the message is: "juAs! mira esto tio: www.iespana.es/…./xtreme.htm". Through a hidden form, it sends an email to an address using a script from a public site. This email contains the user name and the current date.
The script also tries to load a page from the same site:
http://www.iespana.es/…../pubp.htm