| Home | About Us | Products | Support | Downloads | Resellers | Links |
|
|
|
||||||||
|
|
|||||||||
|
|||||||||
Inter Engineering and F-Secure Corporation,
leaders in protection against computer viruses, inform computer users
about the appearance of a new worm named Fizzer.
Fizzer is a complex e-mail worm that appeared on the 8th of May, 2003.
The worm can spread itself in e-mails in the form of infected attachments
with extensions .EXE, .PIF, .SCR and .COM. The user actually has to
click on the attached file for his machine to become infected.
Subjects and body of the email messages are chosen randomly from its
internal lists. E-mail addresses are collected by the worm from Windows
and Outlook Address Books on an infected computer.
An example is
Subject:
I thought this was interesting...
Body:
If you don't like it, just delete it.
Attachment:
Jesus123.exe
The worm can also use German strings to compose e-mail messages.
Fizzer also spreads through the well known Kazaa music exchange network. To do that it copies itself into the Kazaa shared directory on an infected machine. All users connecting to that directory are in danger of downloading the infected file and become infected themselves.
The Fizzer worm has a built-in IRC backdoor. It tries to connect to a large number of IRC servers worldwide enabling the virus writer to have (limited) control over infected machines. It also contains a DoS (Denial of Service) attack tool, a data stealing trojan (uses external keylogger DLL), and an HTTP server. The worm has the functionality to kill tasks of certain anti-virus programs. Additionally the worm has autoupdating capabilities over the Internet.
The worm contains the following "message"
from the worm's author inside its body:
I sent this program (Sparky) from anonymous places on the net.
The way to gain a good reputation is to endeavor to be what you
desire to appear.
There is only one good, knowledge, and one evil, ignorance.
Watchin' the game, having a bud.
Did you ever stop to think that viruses are good for the
economy? Maybe the primary creators of the world's worst viruses
are the companies that make the Anti-Virus software.
Disinfection Instructions
To get rid of the worm it's enough to delete its files from Windows
directory and Kazaa shared folders and to remove its entries from
the registry. Inter Engineering has a utility available for that.
Detection
F-Secure Anti-Virus detects and protects against the Fizzer worm
with the updates published on May 9th, 2003:
Seriousness
Until the writing of this press release, there is contradiction regarding how widespread the Fizzer worm is. There are sources reporting very wide spreading. However a questionary performed amongst F-Secure partners in Europe has shown very moderate appearance of the new Worm. In most countries no incidents have been reported at all.
This does not mean that an outbreak cannot occur and users are advised to keep their Anti Virus solutions enabled and up-to-date.
About Inter Engineering
Inter Engineering is one of the few companies specialized in Data Security. Since 1992 the company is active in the protection against computer viruses and has since then extended its activities with strong cryptography, access control, copy protection, biometrics and data recovery. The Company cooperates closely with leading providers globally and contributes actively to research and development. Also close relationships with scientific organizations are maintained. Thus Inter Engineering is able to provide consultancy and solutions for almost any Data Security issue.