high
Summary
Summary
Action- More Information
| Detected by | All Sophos products |
|---|---|
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
JS/CoolSite-A is a worm which spreads by exploiting a security vulnerability detailed in Microsoft Security Bulletin MS00-075.
The worm arrives in an email with the subject:
"Hi!!"
and the body text:
"Hi. I found cool site! http://[omitted] It's really cool!".
If the embedded link is followed, a malicious script code from a web page is run locally. The script code uses a Microsoft Virtual Machine ActiveX component vulnerability to get access to the local file system.
The script then iterates through messages kept in the Microsoft Outlook Sent folder. It changes the subject and the body of every message and attempts to send the message. If a message was previously sent with an attachment, the attachment will be resent by the worm.
JS/CoolSite-A also sets the home page of Internet Explorer to point to a pornographic website.
Note: The script is no longer available from the website and so does not pose any current threat.
Sophos recommends that users update Internet Explorer to the latest Service Release to protect themselves against any further attacks from this vulnerability.
|
