The Fizzer worm appears to have had little impact on corporate networks, but with a growing number of users logging into corporate networks from home and other relatively insecure remote locations, the malicious code and spyware that such viruses leave behind on unprotected systems could prove to be a long-term headache for companies.
Fizzer represents an emerging class of malicious code that relies on a variety of ways to try and circumvent increasingly sophisticated corporate network defences.
The worm was contained in executable e-mail attachments with innocuous subject headers. In most cases, users had to click on the e-mail attachment before the virus could start executing code.
In general, companies with updated antivirus software and policies for filtering executable e-mail attachments would have been protected against Fizzer, said Russ Cooper, an analyst at TruSecure.
Companies without such basic perimeter defence measures are being "derelict in their duty," said Pete Lindstrom, an analyst at Spire Security.
But workers who dial into the corporate network from home and other remote locations may not always have the same defences and are more vulnerable to infection, said Michael Allgeier, data security officer at the Colorado River Authority.
This could prove dangerous because of the payload carried by viruses such as Fizzer, a complex e-mail worm that contains a built-in IRC backdoor, a denial-of-service attack tool, a keystroke-logging Trojan, an HTTP server and other components.
Such capabilities could allow hackers to control compromised machines remotely, steal from them or mine them for passwords, analysts said. Connecting such a compromised system to a corporate network could allow hackers to burrow past other defences.
"I think the biggest security threat today is remote users," said David Krauthamer, director of IS at Advanced Fibre Communications, a manufacturer of telecommunications equipment.
"VPN access is proliferating and, with the onset of wireless home networking, it's becoming easier to gain a foothold to a corporate network."
Companies need to ensure that remote workers are covered by the same security policies that govern the corporate network, Lindstrom said. "It's a question of evaluating all the different attack points and distributed components in your environment," and protecting them.