Fizzer worm has high potential for damage, experts warn


Fizzer worm has high potential for damage, experts warn

Daniel Thomas
Security experts have warned internet users about a mass-mailing worm which has high potential for damage because of its ability to distribute widely and quickly.

The Fizzer worm, which spreads via e-mail and the Kazaa peer-to-peer (P2P) file sharing network, can update itself via download from a geocities website, said internet security firm Trend Micro, which has classed the worm as medium risk.

The worm, which arrives as a file attachment with a .EXE,.PIF, .COM, or .SCR extension, has an SMTP engine, which it uses to send copies of itself via e-mail.  It obtains recipients from addresses found in Windows Address Book.

Fizzer was first detected in the Far East, but it would seem it was created by a German (or someone with a good knowledge of German) given the use of dialect within the subject line, Trend Micro said. English is also used in the subject line and in the main body of the e-mail.

The worm can also enter systems via an IRC backdoor by connecting itself to IRC servers and joining IRC channels.  It will then perform commands coming from the channel.

The distribution potential of the worm is increased by the fact that it can disable some anti-virus scanners terminating any of the processes mentioned below, Trend Micro warned.

In a separate development, the CERT Co-ordination Center has warned internet users to beware of the "Mother's Day Virus", the latest e-mail-borne threat that could allow an attacker to run malicious code on a victim's computer.

CERT warns of Mother's Day threat >>

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy