'Cool' worm chills users' online chats

February 14, 2002 Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, is warning users to be cautious when using instant messaging platforms after a new worm was discovered. JS/Coolnow-A (aka Cool worm) targets MSN Messenger by exploiting a vulnerability in Microsoft Internet Explorer.

Victims will receive an MSN instant message suggesting that the recipient visit a 'cool' website. The text of the message varies but may be similar to "Go to: http://<address of affected website>". Far from visiting a 'cool' web page, if recipients click on the link, they will go to a site featuring malicious JavaScript that forwards the same message to everyone in their MSN contacts list.

"Instant messaging platforms may be a fast and convenient way of keeping up to date with your friends, but they can also be used for virus transmission," said Natasha Staley, anti-virus consultant at Sophos. "With an increasing number of worms infecting IM applications, managers should ensure that only those with a legitimate business purpose are allowed access to these platforms."

Most computer users are now aware of the risk of email-aware viruses and many businesses use internet- and gateway-level email scanners to protect their networks from malicious code. However, instant messaging viruses are a relatively new phenomenon and a strong reminder that viruses do not just spread by email, reinforcing the need for desktop anti-virus protection, combined with a policy of safe computing.

Microsoft released a patch this week for the vulnerability that was first reported last year. The patch can be found at http://www.microsoft.com/technet/security/bulletin/MS02-005.asp.

A virus identity file (IDE) which provides protection is available now from the Sophos website and will be incorporated into the April 2002 (3.56) release of Sophos Anti-Virus.

Please read Sophos's guidelines for safe computing.