Coolsite Worm Leaves Users Red Faced – ‘adult’ Worm Spreading Says Sophos

Sophos, a world leader in corporate anti-virus protection, is urging users to be wary of the CoolSite worm (JS/CoolSite-A). Sophos has received several reports of this worm from the wild.

The malicious code comes in the form of an email with the subject line ‘Hi’ and the body text:

‘Hi. I found cool site! http:// [url omitted] It’s really cool’.

If the recipient clicks on the embedded link, the worm sets the users Internet Explorer homepage to point to a pornographic website.

“Bad grammar, pornography and a Microsoft vulnerability – CoolSite has all the characteristics of a typical worm,” said Natasha Staley, anti-virus consultant at Sophos Anti-Virus. “To avoid sending embarassing weblinks to valued customers and colleagues, it’s vital to update your anti-virus software and be cautious of clicking on unsolicited emails.”

Once activated the worm changes the subject and the body of every message in the Microsoft Outlook Sent folder, and attempts to re-send the message.

Sophos is urging computer users to update their anti-virus protection now, and ensure they download the fix from Microsoft: http://www.microsoft.com/technet/treeview/default.aspurl=/technet/securi ty/bulletin/ms00-075.asp

Sophos has issued protection against this worm. To download protection and read more about the CoolSite worm please visit:

http://www.sophos.com/virusinfo/analyses/jscoolsitea.html

Natasha Staley is available for comment on 01235 544160 or 07976 977969.