A new worm that uses Microsoft's instant messenger application MSN Messenger to propagate has been spotted by several antivirus software vendors.
Dubbed "JS.Menger.Worm" by Symantec and "Coolnow" by F-Secure, the worm sends instant messages, but does no damage to a user's system, the antivirus software vendors said. F-Secure is trying to shut down the sites hosting the malicious code before it becomes very widespread, the company said.
"The worm is a modified version of our example code. We never intended for anybody to copy the code, although we kind of expected it would happen," said Thor Larholm, one of the two Europeans who demonstrated how specially crafted code on a Web page could take over MSN Messenger. "We published the example to put pressure on Microsoft to patch vulnerabilities that they are fully aware of."
Microsoft on Monday released a bundle of patches for IE that fixes the flaw used by the MSN Messenger worm, Larholm and the antivirus software vendors said.
Still, a PC with IE is all but secure, according to Larholm.
"The patch doesn't fix all the problems in IE. It fixes a lot, Microsoft deserves kudos for that, but there are still publicly known vulnerabilities, some two months old, that allow an attacker to read any local file and execute arbitrary commands on a user's system," Larholm said. The Danish Internet programmer maintains a list of unplugged holes on his Web site (http://jscript.dk/unpatched/).
Both Symantec and F-Secure have updated their antivirus products so they can detect the worm. No one at Microsoft was immediately available to comment.