‘Fizzer’ Worm Squirms Across the Web

Online security firms on Monday warned of a new mass-mailing worm spreading
itself via e-mail address books and the KaZaa peer-to-peer network.

Symantec’s Security Response on Monday increased the threat level on the
Fizzer (W32.HLLW.Fizzer@mm) virus, warning it contains a backdoor that uses
mIRC to communicate with a remote attacker and keystroke-logger that records
all keyboard strokes in a separate log file.

Affected systems include Windows 95, Windows 98, Windows NT, Windows
2000, Windows XP and Windows Me. Macintosh, OS/2, UNIX, Linux are not
affected, Symantec noted.

McAfee Security on Monday put the Fizzer virus on watch and
warned that it is capable of mass-mailing itself to addresses gathered from
an infected system’s Outlook Contacts list, Windows Address Book (WAB) and
randomly manufactured addresses.

The worm is capable of triggering a slew of harmful processes, including
the ability to communicate with an IRC bot (Internet Relay Chat) and an AIM
bot (AOL Instant Messenger).

In addition to the keylogger function, the worm is spreading swiftly
through the Kazaa P2P network by dumping multiple copies itself into a
user’s Kazaa file-sharing folder. This makes the worm available for sharing
by all file-traders using Kazaa, security experts warned.

To avoid detection and removal, Fizzer has been fitted with anti-virus
software termination and a self-updating mechanism. McAfee said the worm
also contains its own SMTP engine and uses the default SMTP server as
specified in the Internet Account Manager registry settings. It can also use
any one of several hundred different external SMTP servers.

Fizzer is not the first virus to target Kazaa as a distribution platform.
Last May, anti-virus experts detected the ‘Benjamin’ worm wriggling around Kazaa while masquerading as a music file.