Coolnow is a worm that uses Microsoft Messenger to propagate. It uses a vulnerability to execute its code via Internet Explorer.
Disinfection & Removal
The worm spreads a message via MSN messenger that contains a link to an infected web page. Some of the messages looks as follows:
URGENT - Go to http://xxx.xxxxxxxx.xxx/xxxX/mel Now ATTeNT!oN - Go to: http://xxx.xxxxxxxxx.xxx/xxxxx_Xxx/teztx1.htm Now
Note! There are several links where the worm code is available. We are trying to shut down these pages which are not disabled yet.
The worm uses an vulnerability to execute. It goes through the users MSN contact list and sends a message with a link to an infected site to each recipient.
Further information, including a fix for the vulnerability, is available from Microsoft at: http://www.microsoft.com/technet/security/bulletin/MS02-005.asp
For PocketPC users:
F-Secure Anti-Virus detects the worm with updates released on February 14th, 2002 at 13:15 local time (GMT+2).
Description Created: Analysis: Katrin Tocheva, Sami Rautiainen and Jarno Niemela, F-Secure; February 14th,