JS.Coolnow.B
First posted on 21 November 2011.
Source: BitDefender
Aliases:
JS.Coolnow.B is also known as N/A.
Explanation:
The script exploits an Internet Explorer vulnerability. It is executed when an HTML page is loaded from the address: www.iespana.es/…./xtreme.htm.
The message "Espera por favor…" appears in the center of the page, and another Internet Explorer page is opened. This page is minimized and has the title "Cargando....". Through this page, the script sends messages to the users in the MSN Messenger contact list, if Messenger is installed.
The text of the message is: "juAs! mira esto tio: www.iespana.es/…./xtreme.htm". Through a hidden form, it sends an email to an address using a script from a public site. This email contains the user name and the current date.
The script also tries to load a page from the same site:
http://www.iespana.es/…../pubp.htm
Last update 21 November 2011