(JS/Exploit-Messenger, JS_Menger.Gen, JS.Menger.Worm)
- The script sends messages to users in MSN Messenger contact list.
The virus doesn't produce any damage, it doesn't install itself, so removal is not necessary. It is required to close all opened Internet Explorer windows.
Mihaela Stoian BitDefender Virus Researcher
The script exploits an Internet Explorer vulnerability. It is executed when a HTML page is loaded from one of the addresses:
These pages have been removed by now.
The message "Please Wait…" appears on the center of the page and another Internet Explorer page is opened. This page is minimized, with the title "Please Wait…". Through this page, the script sends messages to users in MSN Messenger contact list if the messenger is installed.
The text of the message could be:
Hey Go to http://www.geocities.com /……./teztx1.htm plz or
ATTeNT!oN - Go to: http://www.geocities.com/….. /teztx1.htm or
URGENT - Go to http://www.rjde…… /cool Now
Through a hidden form, it sends an email to an address using a script from a public site.