Security news
Security news14 February 2002
'Cool' worm chills users' online chats
Sophos, a world leader in corporate
Victims will receive an MSN instant message suggesting that the recipient visit a 'cool' website. The text of the message varies but may be similar to "Go to: http://<address of affected website>". Far from visiting a 'cool' web page, if recipients click on the link, they will go to a site featuring malicious JavaScript that forwards the same message to everyone in their MSN contacts list.
"Instant messaging platforms may be a fast and convenient way of keeping up to date with your friends, but they can also be used for virus transmission," said Natasha Staley, anti-virus consultant at Sophos. "With an increasing number of worms infecting IM applications, managers should ensure that only those with a legitimate business purpose are allowed access to these platforms."
Most computer users are now aware of the risk of email-aware viruses and many businesses use internet- and gateway-level email scanners to protect their networks from malicious code. However, instant messaging viruses are a relatively new phenomenon and a strong reminder that viruses do not just spread by email, reinforcing the need for desktop
Microsoft released a patch this week for the vulnerability that was first reported last year. The patch can be found at http://www.microsoft.com/technet/security/bulletin/MS02-005.asp.
A virus identity file (IDE) which provides protection is available now from the Sophos website and will be incorporated into the April 2002 (3.56) release of Sophos
Please read Sophos's guidelines for safe computing.
