My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

JS.Coolnow.A

MEDIUM
VERY LOW
2KB
(JS/Exploit-Messenger, JS_Menger.Gen, JS.Menger.Worm)

Symptoms

- The script sends messages to users in MSN Messenger contact list.

Removal instructions:

The virus doesn't produce any damage, it doesn't install itself, so removal is not necessary. It is required to close all opened Internet Explorer windows.

Analyzed By

Mihaela Stoian BitDefender Virus Researcher

Technical Description:

The script exploits an Internet Explorer vulnerability. It is executed when a HTML page is loaded from one of the addresses:
http://www.rjde……../cool,
http://www.geocities.com/………tx1.htm, etc.
These pages have been removed by now.

The message "Please Wait…" appears on the center of the page and another Internet Explorer page is opened. This page is minimized, with the title "Please Wait…". Through this page, the script sends messages to users in MSN Messenger contact list if the messenger is installed.

The text of the message could be:
Hey Go to http://www.geocities.com /……./teztx1.htm plz or
ATTeNT!oN - Go to: http://www.geocities.com/….. /teztx1.htm or
URGENT - Go to http://www.rjde…… /cool Now

Through a hidden form, it sends an email to an address using a script from a public site.