Watch for this one, doesn't contain an attachment but has some tricks up
it's sleeve.
-Tony
Description:
JS/CoolSite-A is a worm which spreads by exploiting a security
vulnerability detailed in Microsoft Security Bulletin MS00-075.
The worm arrives in an email with the subject:
"Hi!!"
and the body text:
"Hi. I found cool site!
http://[omitted] It's really cool!".
If the embedded link is followed, a malicious script code from a
web page is run locally. The script code uses a Microsoft
Virtual Machine ActiveX component vulnerability to get access to
the local file system.
The script then iterates through messages kept in the Microsoft
Outlook Sent folder. It changes the subject and the body of
every message and attempts to send the message. If a message was
previously sent with an attachment, the attachment will be
resent by the worm.
JS/CoolSite-A also sets the home page of Internet Explorer to
point to a pornographic web site.
