Coolnow is a worm that uses Microsoft Messenger to propagate. It uses a vulnerability to execute its code via Internet Explorer.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
The worm spreads a message via MSN Messenger that contains a link to an infected web page. Some of the messages look as follows:
URGENT - Go to http://xxx.xxxxxxxx.xxx/xxxX/mel Now
ATTeNT!oN - Go to: http://xxx.xxxxxxxxx.xxx/xxxxx_Xxx/teztx1.htm Now
Note! The worm code is available from several links. We are trying to shut down the pages that have not yet been disabled.
The worm uses a vulnerability to execute. It goes through the user's MSN contact list and sends a message with a link to an infected site to each recipient.
Further information, including a fix for the vulnerability, is available from Microsoft at: http://www.microsoft.com/technet/security/bulletin/MS02-005.asp
For PocketPC users:
F-Secure Anti-Virus detects the worm with updates released on February 14th, 2002 at 13:15 local time (GMT+2).
Description Details: Analysis: Katrin Tocheva, Sami Rautiainen and Jarno Niemela, F-Secure; February 14th,