'Cool' worm chills users' online chats

Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, is warning users to be cautious when using instant messaging platforms after a new worm was discovered. JS/Coolnow-A (aka Cool worm) targets MSN Messenger by exploiting a vulnerability in Microsoft Internet Explorer.

Victims will receive an MSN instant message suggesting that the recipient visit a 'cool' website. The text of the message varies but may be similar to "Go to: http://<address of affected website>". Far from visiting a 'cool' web page, if recipients click on the link, they will go to a site featuring malicious JavaScript that forwards the same message to everyone in their MSN contacts list.

"Instant messaging platforms may be a fast and convenient way of keeping up to date with your friends, but they can also be used for virus transmission," said Natasha Staley, anti-virus consultant at Sophos. "With an increasing number of worms infecting IM applications, managers should ensure that only those with a legitimate business purpose are allowed access to these platforms."

Most computer users are now aware of the risk of email-aware viruses and many businesses use internet- and gateway-level email scanners to protect their networks from malicious code. However, instant messaging viruses are a relatively new phenomenon and a strong reminder that viruses do not just spread by email, reinforcing the need for desktop anti-virus protection, combined with a policy of safe computing.

Microsoft released a patch this week for the vulnerability that was first reported last year. The patch can be found at http://www.microsoft.com/technet/security/bulletin/MS02-005.asp.

A virus identity file (IDE) which provides protection is available now from the Sophos website and will be incorporated into the April 2002 (3.56) release of Sophos Anti-Virus.

Please read Sophos's guidelines for safe computing.


More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.