Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

Worm Spreads Through MSN Messenger

Newest pest exploits known hole in IE browser, updates advised.

Joris Evers, IDG News Service

  • 0 Yes
  • 0 No

A new worm that uses Microsoft's instant messenger program MSN Messenger to propagate has been spotted by several antivirus software vendors.

The worm arrives in an instant message that contains text telling the recipient to go to one of several Web sites. The text says either "URGENT--go to (url) now," or "ATTeNT!oN--go to (url) now." Clicking on the URL link in the message opens a Web page with malicious JavaScript code that sends instant messages advertising the Web page, or other Web pages with the code, to all MSN Messenger users on the victim's contacts list. Both Symantec and F-Secure described the worm's methodology in advisories Thursday.

Dubbed "JS.Menger.Worm" by Symantec and "Coolnow" by F-Secure, the worm sends instant messages, but apparently does not damage a user's system, the antivirus software vendors said. F-Secure is trying to shut down the sites hosting the malicious code before it becomes very widespread, the company said.

Related Holes

The JavaScript code takes control of MSN Messenger by exploiting a known flaw in Microsoft's Internet Explorer Web browser. An example of how to stage such an attack was published last weekend by two European experts. That example was used to craft the worm, according to the experts.

"The worm is a modified version of our example code. We never intended for anybody to copy the code, although we kind of expected it would happen," said Thor Larholm, one of the two Europeans who demonstrated how specially crafted code on a Web page could take over MSN Messenger. "We published the example to put pressure on Microsoft to patch vulnerabilities that they are fully aware of."

Microsoft on Monday released a bundle of patches for IE that fixes the flaw used by the MSN Messenger worm, Larholm and the antivirus software vendors said.

Flaws Remain

Still, a PC with IE is all but secure, according to Larholm.

"The patch doesn't fix all the problems in IE. It fixes a lot, Microsoft deserves kudos for that, but there are still publicly known vulnerabilities, some two months old, that allow an attacker to read any local file and execute arbitrary commands on a user's system," Larholm said. The Danish Internet programmer maintains a list of unplugged holes on his Web site.

Both Symantec and F-Secure have updated their antivirus products so they can detect the worm. No one at Microsoft was immediately available to comment.

  • Recommend this story?
  • 0 Yes
    0 No
  • Great year-end deals
    for small business!

  • Get 24/7 live remote AT&T Tech Support 360* service along with select Lenovo* PCs (with Intel® Core™ 2 Duo processors) and save up to 200!

    Learn more

  • HP EliteBook* 6930p Notebook with Intel® vPro™ technology and a free HP Basic Docking Station - $641 instant savings!

    Learn more

  • *Other names and brands may be claimed as the property of others. ©2009 Intel Corporation. Intel, the Intel logo, vPro and Core trademarks of Intel Corporation in the United States and other countries. All rights reserved.

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links