Coolnow is a worm that uses Microsoft Messenger to propagate. It uses a vulnerability to execute its code via Internet Explorer.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More scanning & removal options
More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The worm spreads a message via MSN messenger that contains a link to an infected web page. Some of the messages looks as follows:
URGENT - Go to http://xxx.xxxxxxxx.xxx/xxxX/mel Now ATTeNT!oN - Go to: http://xxx.xxxxxxxxx.xxx/xxxxx_Xxx/teztx1.htm Now
Note! There are several links where the worm code is available. We are trying to shut down these pages which are not disabled yet.
The worm uses an vulnerability to execute. It goes through the users MSN contact list and sends a message with a link to an infected site to each recipient.
Further information, including a fix for the vulnerability, is available from Microsoft at: https://www.microsoft.com/technet/security/bulletin/MS02-005.asp
For PocketPC users:
F-Secure Anti-Virus detects the worm with updates released on February 14th, 2002 at 13:15 local time (GMT+2).
Description Details: Analysis: Katrin Tocheva, Sami Rautiainen and Jarno Niemela, F-Secure; February 14th,