News

Fizzer worm has high potential for damage, experts warn

Daniel Thomas
Security experts have warned internet users about a mass-mailing worm which has high potential for damage because of its ability to distribute widely and quickly.

The Fizzer worm, which spreads via e-mail and the Kazaa peer-to-peer (P2P) file sharing network, can update itself via download from a geocities website, said internet security firm Trend Micro, which has classed the worm as medium risk.

The worm, which arrives as a file attachment with a .EXE,.PIF, .COM, or .SCR extension, has an SMTP engine, which it uses to send copies of itself via e-mail.  It obtains recipients from addresses found in Windows Address Book.

Fizzer was first detected in the Far East, but it would seem it was created by a German (or someone with a good knowledge of German) given the use of dialect within the subject line, Trend Micro said. English is also used in the subject line and in the main body of the e-mail.

The worm can also enter systems via an IRC backdoor by connecting itself to IRC servers and joining IRC channels.  It will then perform commands coming from the channel.

The distribution potential of the worm is increased by the fact that it can disable some anti-virus scanners terminating any of the processes mentioned below, Trend Micro warned.

In a separate development, the CERT Co-ordination Center has warned internet users to beware of the "Mother's Day Virus", the latest e-mail-borne threat that could allow an attacker to run malicious code on a victim's computer.

CERT warns of Mother's Day threat >>

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy