‘Fizzer’ Worm Squirms Across the Web

Online security firms on Monday warned of a new mass-mailing worm spreading itself via e-mail address books and the KaZaa peer-to-peer network.

Symantec’s Security Response on Monday increased the threat level on the Fizzer (W32.HLLW.Fizzer@mm) virus, warning it contains a backdoor that uses mIRC to communicate with a remote attacker and keystroke-logger that records all keyboard strokes in a separate log file.

Affected systems include Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP and Windows Me. Macintosh, OS/2, UNIX, Linux are not affected, Symantec noted.

McAfee Security on Monday put the Fizzer virus on watch and warned that it is capable of mass-mailing itself to addresses gathered from an infected system’s Outlook Contacts list, Windows Address Book (WAB) and randomly manufactured addresses.

The worm is capable of triggering a slew of harmful processes, including the ability to communicate with an IRC bot (Internet Relay Chat) and an AIM bot (AOL Instant Messenger).

In addition to the keylogger function, the worm is spreading swiftly through the Kazaa P2P network by dumping multiple copies itself into a user’s Kazaa file-sharing folder. This makes the worm available for sharing by all file-traders using Kazaa, security experts warned.

To avoid detection and removal, Fizzer has been fitted with anti-virus software termination and a self-updating mechanism. McAfee said the worm also contains its own SMTP engine and uses the default SMTP server as specified in the Internet Account Manager registry settings. It can also use any one of several hundred different external SMTP servers.

Fizzer is not the first virus to target Kazaa as a distribution platform. Last May, anti-virus experts detected the ‘Benjamin’ worm wriggling around Kazaa while masquerading as a music file.