Home / malware JS.Coolnow.A
First posted on 21 November 2011.
Source: BitDefenderAliases :
JS.Coolnow.A is also known as JS/Exploit-Messenger, JS_Menger.Gen, JS.Menger.Worm.
Explanation :
The script exploits an Internet Explorer vulnerability. It is executed when a HTML page is loaded from one of the addresses:
http://www.rjde……../cool,
http://www.geocities.com/………tx1.htm, etc.
These pages have been removed by now.
The message "Please Wait…" appears on the center of the page and another Internet Explorer page is opened. This page is minimized, with the title "Please Wait…". Through this page, the script sends messages to users in MSN Messenger contact list if the messenger is installed.
The text of the message could be:
Hey Go to http://www.geocities.com /……./teztx1.htm plz or
ATTeNT!oN - Go to: http://www.geocities.com/….. /teztx1.htm or
URGENT - Go to http://www.rjde…… /cool Now
Through a hidden form, it sends an email to an address using a script from a public site.Last update 21 November 2011