FRISK Software International

Summary of JS/Coolnow.A@mm
Alias:JS/Exploit-Messenger, JS_MENGER
Discovered: 14 Feb 2002
Definition files: 14 Feb 2002
Risk Level: Low
Infection Method:MSN Messenger
Jump to:
Brief description

Brief Description

A new worm called JS/Coolnow has started spreading through the MSN messenger service from Microsoft. This worm is coded in JavaScript and utilises a known security flaw in Internet Explorer to infect through MSN Messenger. Microsoft has already published a patch for this security flaw and information on how to fix this flaw can be found here:

The worm spreads through MSN Messenger by sending a link to a web page to every contact in an infected users contact list. The worm is hosted on several web pages but they all have a malicious JavaScript embedded that opens MSN Messenger program and sends that URL to all contacts on the contact list.

This worm has no other known damaging payload.

JS/Coolnow.A@mm and its variants are detected by F-Prot Antivirus™ using virus signature files since February 14th or later.

FRISK Software International's Viruslab Team

Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Virus news and information directly to your desktop.
Definitions of common antivirus terminology.
For further virus information, please try our partners' websites:


perComp Verlag
(in German)