Sophos, a world leader in corporate anti-virus protection, is
warning users to be cautious when using instant messaging platforms
after a new worm was discovered. JS/Coolnow-A (aka Cool
worm) targets MSN Messenger by exploiting a vulnerability in
Microsoft Internet Explorer.
Victims will receive an MSN instant message suggesting that the
recipient visit a 'cool' website. The text of the message varies
but may be similar to "Go to: http://<address of affected
website>". Far from visiting a 'cool' web page, if recipients
click on the link, they will go to a site featuring malicious
JavaScript that forwards the same message to everyone in their MSN
contacts list.
"Instant messaging platforms may be a fast and convenient way of
keeping up to date with your friends, but they can also be used for
virus transmission," said Natasha Staley, anti-virus consultant at
Sophos. "With an increasing number of worms infecting IM
applications, managers should ensure that only those with a
legitimate business purpose are allowed access to these
platforms."
Most computer users are now aware of the risk of email-aware
viruses and many businesses use internet- and gateway-level email
scanners to protect their networks from malicious code. However,
instant messaging viruses are a relatively new phenomenon and a
strong reminder that viruses do not just spread by email,
reinforcing the need for desktop anti-virus protection, combined
with a policy of safe computing.
Microsoft released a patch this week for the vulnerability that
was first reported last year. The patch can be found at http://www.microsoft.com/technet/security/bulletin/MS02-005.asp.
A virus identity file (IDE) which
provides protection is available now from the Sophos website and
will be incorporated into the April 2002 (3.56) release of Sophos
Anti-Virus.
Please read Sophos's guidelines for
safe computing.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.