Instant message worm exploits IE flaw


Instant message worm exploits IE flaw

Several antivirus software vendors have spotted a new worm that uses Microsoft's MSN Messenger to propagate.

The worm arrives in an instant message that tells the recipient to go to one of several Web sites. The text says either "URGENT - go to [url] now," or "ATTeNT!oN -- go to [url] now." Clicking on the link opens a Web page with malicious JavaScript code that sends instant messages advertising the Web page, or other Web pages with the code, to all the MSN Messenger users on the user's contacts list.

Dubbed "JS.Menger.Worm" by Symantec and "Coolnow" by F-Secure, the worm sends instant messages, but does no damage to a user's system. F-Secure is trying to shut down the sites hosting the malicious code before it becomes widespread, the company said.

The JavaScript code takes control of MSN Messenger by exploiting a known flaw in Internet Explorer. An example of how to stage such an attack was published last weekend by two European experts, who now say that example was used to craft the worm.

"The worm is a modified version of our example code," admitted Thor Larholm, one of the experts. "We never intended for anybody to copy the code, although we kind of expected it would happen."

"We published the example to put pressure on Microsoft to patch vulnerabilities that they are fully aware of," Larholm claimed.

Larholm and the antivirus software vendors said that Microsoft released a bundle of patches that fix the flaw used by the MSN Messenger worm on 11 February.

However, a PC with IE is all but secure, according to Larholm.

"The patch doesn't fix all the problems in IE. It fixes a lot, Microsoft deserves kudos for that, but there are still publicly known vulnerabilities, some two months old, that allow an attacker to read any local file and execute arbitrary commands on a user's system," Larholm said.

Larholm maintains a list of unplugged holes on his Web site (

Both Symantec and F-Secure have updated their antivirus products so they can detect the worm. No one at Microsoft was immediately available to comment.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy