Coolnow is a worm that uses Microsoft Messenger to propagate. It uses a vulnerability to execute its code via Internet Explorer.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More information on scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The worm spreads a message via MSN messenger that contains a link to an infected web page. Some of the messages looks as follows:
URGENT - Go to http://xxx.xxxxxxxx.xxx/xxxX/mel Now ATTeNT!oN - Go to: http://xxx.xxxxxxxxx.xxx/xxxxx_Xxx/teztx1.htm Now
Note! There are several links where the worm code is available. We are trying to shut down these pages which are not disabled yet.
The worm uses an vulnerability to execute. It goes through the users MSN contact list and sends a message with a link to an infected site to each recipient.
Further information, including a fix for the vulnerability, is available from Microsoft at: https://www.microsoft.com/technet/security/bulletin/MS02-005.asp
For PocketPC users:
F-Secure Anti-Virus detects the worm with updates released on February 14th, 2002 at 13:15 local time (GMT+2).
Description Details: Analysis: Katrin Tocheva, Sami Rautiainen and Jarno Niemela, F-Secure; February 14th,