The Fizzer worm, which spreads via e-mail and the Kazaa peer-to-peer (P2P) file-sharing network, can update itself by downloading from a GeoCities website, said internet security firm Trend Micro, which has classed the worm as medium risk.
The worm, which arrives as a file attachment with a .EXE, .PIF, .COM, or .SCR extension, has its own SMTP engine, which it uses to send copies of itself via e-mail. It obtains recipients from addresses found in the Windows Address Book.
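As an added illustration (not part of the original report or any Trend Micro tooling), a mail gateway could flag attachments carrying the four extensions named above. The function name, sample filenames and the constructed test message are assumptions made for this example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Attachment extensions the report lists for Fizzer.
RISKY_EXTENSIONS = {".exe", ".pif", ".com", ".scr"}


def risky_attachments(raw_bytes):
    """Return filenames of attachments whose effective extension is risky."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into nested multipart and forwarded messages.
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "card.scr." still
        # runs as .scr; normalise before reading the final extension.
        cleaned = name.rstrip(". ").lower()
        # Only the last extension counts: "Photo.JPG.PIF" is a .pif file.
        if os.path.splitext(cleaned)[1] in RISKY_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample():
    """Constructed test message with harmless one-byte attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    for fname in ("notes.txt", "Photo.JPG.PIF", "readme.com.txt", "card.scr."):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in risky_attachments(build_sample()):
        print("blocked attachment:", name)
```

An extension check of this kind does not see files packed inside archives, so it complements rather than replaces content scanning.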
Fizzer was first detected in the Far East, but it would seem it was created by a German (or someone with a good knowledge of German) given the use of dialect within the subject line, Trend Micro said. English is also used in the subject line and in the main body of the e-mail.
The worm also acts as an IRC backdoor: it connects to IRC servers, joins IRC channels and then carries out commands issued from the channel.
The distribution potential of the worm is increased by the fact that it can disable some anti-virus scanners by terminating any of the processes mentioned below, Trend Micro warned.
In a separate development, the CERT Co-ordination Center has warned internet users to beware of the "Mother's Day Virus", the latest e-mail-borne threat that could allow an attacker to run malicious code on a victim's computer.