Coolnow is a worm that uses Microsoft Messenger to propagate. It uses a vulnerability to execute its code via Internet Explorer.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The worm spreads a message via MSN messenger that contains a link to an infected web page. Some of the messages looks as follows:
URGENT - Go to http://xxx.xxxxxxxx.xxx/xxxX/mel Now ATTeNT!oN - Go to: http://xxx.xxxxxxxxx.xxx/xxxxx_Xxx/teztx1.htm Now
Note! There are several links where the worm code is available. We are trying to shut down these pages which are not disabled yet.
The worm uses an vulnerability to execute. It goes through the users MSN contact list and sends a message with a link to an infected site to each recipient.
Further information, including a fix for the vulnerability, is available from Microsoft at: https://www.microsoft.com/technet/security/bulletin/MS02-005.asp
For PocketPC users:
F-Secure Anti-Virus detects the worm with updates released on February 14th, 2002 at 13:15 local time (GMT+2).