JS/CoolSite-A is a worm which spreads by exploiting a security vulnerability detailed in Microsoft Security Bulletin MS00-075.
The worm arrives in an email with the subject:
"Hi!!"
and the body text:
"Hi. I found cool site! http://[omitted] It's really cool!".
If the embedded link is followed, a malicious script code from a web page is run locally. The script code uses a Microsoft Virtual Machine ActiveX component vulnerability to get access to the local file system.
The script then iterates through messages kept in the Microsoft Outlook Sent folder. It changes the subject and the body of every message and attempts to send the message. If a message was previously sent with an attachment, the attachment will be resent by the worm.
JS/CoolSite-A also sets the home page of Internet Explorer to point to a pornographic website.
Note: The script is no longer available from the website and so does not pose any current threat.
Sophos recommends that users update Internet Explorer to the latest Service Release to protect themselves against any further attacks from this vulnerability.