Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Fizzer Worm Wallops World
TechTV.com ^ | 5/12/2003 | Becky Worley

Posted on 05/12/2003 8:34:56 PM PDT by ex-Texan

Fizzer Worm Wallops World

Complex new virus spreading fast.

The Fizzer worm, which first caught security experts' attention last Thursday, is hitting computer users across the globe early this week, spreading through email and popular file-swapping networks.

Tonight on "Tech Live," get the very latest news on Fizzer, and see how to get rid of this new menace.

Security firm MessageLabs says its scanners caught 18,000 email messages containing Fizzer on Monday alone. The virus spreads in many different forms; its infection rate is climbing.

McAfee, Trend Micro, and Symantec each rate Fizzer a medium threat, while F-Secure says Fizzer merits its highest-severity rating. The virus affects computers running Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, and Windows XP. It doesn't affect Macs or Linux/Unix machines.

Virus is clever code

The virus first appeared on May 8. According to the technical write-up on the F-Secure website, Fizzer is an incredibly dynamic piece of code. The write-up reads:

The worm can spread itself in emails and in [the] KaZaA P2P (peer-to-peer) file-sharing network. Fizzer worm has a built-in IRC backdoor, a DoS (denial of service) attack tool, a data-stealing trojan (uses external keylogger DLL), [and] an HTTP server.

The biggest threat from Fizzer, perhaps, is the key-logging program it installs on a victim's machine. Keyloggers record everything you type into your PC. They even record screen shots. The captured info is then sent back to the attacker. Infected machines could relay bank account numbers and passwords, screen names and passwords, and other sensitive personal data.

When sent via email, Fizzer uses some of the following subject lines:

I thought this was interesting... rather psychedelic

[There are many more listed in the article]

File swappers beware

Fizzer also lists itself in the KaZaA shared file folders of infected computers running the P2P file-sharing utility. Fizzer poses as a dummy media file, tempting an unsuspecting user to download and double-click it.

The file containing Fizzer's executable code is named by a random generator, but the file extension is always .exe, .pif, .com, or .scr.

Because Fizzer tries to disable antivirus programs, it's especially important that you update your AV definitions.

F-Secure offers a free disinfection tool you can download by clicking this link.

Or you can see F-Secure's technical write-up of the virus. The write-up also links to the disinfection tool.

(Excerpt) Read more at techtv.com ...


TOPICS: Announcements; Crime/Corruption; Culture/Society; Foreign Affairs
KEYWORDS: deadlynewworm; pcvirus
Navigation: use the links below to view more comments.
first 1-2021 next last
Al Qaeda again . . . a coordinated attacked ?
1 posted on 05/12/2003 8:34:56 PM PDT by ex-Texan
[ Post Reply | Private Reply | View Replies]

To: ex-Texan
bump
2 posted on 05/12/2003 8:48:35 PM PDT by Tunehead54 (Support Our Troops!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ex-Texan

Thank God I got out of Windows and into Mac.

Just in time. Jeez, and to think I used to use Outlook Express, the Typhoid Mary of internet mail readers.

Be Seeing You,

Chris

3 posted on 05/12/2003 8:51:09 PM PDT by section9 (Major Kusanagi: back from vacation! Tanned, rested, and ready.....)
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #4 Removed by Moderator

To: ex-Texan

When sent via email, Fizzer uses some of the following subject lines:

There's their list of email subject lines.

5 posted on 05/12/2003 9:15:26 PM PDT by Eagle9
[ Post Reply | Private Reply | To 1 | View Replies]

To: walkingman
I was thinking along the same lines....
6 posted on 05/12/2003 9:28:09 PM PDT by Prodigal Son
[ Post Reply | Private Reply | To 4 | View Replies]

To: Eagle9
Interesting list. Almost guaranteed to have something for everyone.
7 posted on 05/12/2003 9:33:10 PM PDT by Prodigal Son
[ Post Reply | Private Reply | To 5 | View Replies]

To: ex-Texan
The file containing Fizzer's executable code is named by a random generator, but the file extension is always .exe, .pif, .com, or .scr.

I have an email in my inbox right now that has an attachment infected with a virus with the "scr" file extension.

The from line is "gjones1980" and the subject line is "100 Things B4 I die"

Norton Antivirus caught it. Heads up!

8 posted on 05/12/2003 9:41:07 PM PDT by Prodigal Son
[ Post Reply | Private Reply | To 1 | View Replies]

To: ex-Texan
The worm can spread itself in emails and in [the] KaZaA P2P (peer-to-peer) file-sharing network.

Gee, do we have RIAA to thank for this?

9 posted on 05/12/2003 9:54:07 PM PDT by I_dmc
[ Post Reply | Private Reply | To 1 | View Replies]

To: Prodigal Son
I just tried to complete my renewal for Norton Antivirus 2002 and found out that its going to cost an extra 10 bucks if I want to call in my credit card informaion or mail a check. What a rip! Any suggestions for a decent antivirus program at a reasonable cost?
10 posted on 05/12/2003 9:55:14 PM PDT by BOBWADE
[ Post Reply | Private Reply | To 7 | View Replies]

To: BOBWADE
Any suggestions for a decent antivirus program at a reasonable cost?

kAcknor Sez:

I've been using Trend Micro's PC-cillin for about two years now.  Started with it when we switched from MacAffee & Norton at work. About 50% of our support problems disappeared when we got MacAffee off our systems, and even Norton used far more system resources.

50 Bucks, fairly easy setup, timely updates, and I've had ZERO problems with it in the way of interference with other programs or causing one itself.

To me that's well worth it. 

"tIqIpqu' 'ej nom tIqIp" (Hit them hard and hit them fast.)

Have you checked the *bang_list today?

11 posted on 05/12/2003 10:38:00 PM PDT by kAcknor
[ Post Reply | Private Reply | To 10 | View Replies]

To: BOBWADE
Any suggestions for a decent antivirus program at a reasonable cost?

Sorry, I can't help you out there. I've been using Norton for a three years. Paid for the renewal. It updates automatically. I'm happy to this point. Seemed like money well spent.

12 posted on 05/12/2003 10:59:45 PM PDT by Prodigal Son
[ Post Reply | Private Reply | To 10 | View Replies]

To: BOBWADE
I just tried to complete my renewal for Norton Antivirus 2002 and found out that its going to cost an extra 10 bucks if I want to call in my credit card informaion or mail a check. What a rip! Any suggestions for a decent antivirus program at a reasonable cost?

10 dollars is a rip? How long is that good for? How valuable is your time? How long would you spend restoring your PC if a virus hosed it? Jeez...

13 posted on 05/12/2003 11:25:40 PM PDT by Gunslingr3
[ Post Reply | Private Reply | To 10 | View Replies]

To: Gunslingr3
14.95 for the subscription if paying by credit card online but an extra ten buck to call in the CC number or to mail a check. I just bought norton 2003 with another year of updates for $16.99 shipped fron tekdeals.com.
14 posted on 05/13/2003 4:19:59 AM PDT by BOBWADE
[ Post Reply | Private Reply | To 13 | View Replies]

To: BOBWADE
You gotta pay for the person sitting there answering phones, plus rent the space they occupy, etc.
With pricing like that they're trying to get you to do it the most efficient way. If you're worried about using your credit card online, you should realize that credit card has been online since you opened the account with the credit card company. It's not magic that the brick and mortar stores use to verify your account each time you use it...
15 posted on 05/13/2003 5:26:23 AM PDT by Gunslingr3
[ Post Reply | Private Reply | To 14 | View Replies]

To: Prodigal Son
Symantec (NORTON) seems to be on top of this pretty well:

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html">http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html

But thanks for the heads-up; I just updated our NORTON AV to be on the safe side!

Another thing I ought to do is as NAV reccomends; set E-mail filters to kick out any incoming with a *.exe, *.scr, *.bat etc. file extension as a matter of course.
16 posted on 05/13/2003 11:19:44 AM PDT by Uncle Jaque (Any day without incoming ordnance can't be all bad! {8^{D~)
[ Post Reply | Private Reply | To 8 | View Replies]

To: ex-Texan
I see it didn't take long for the "THANK GOD I OWN A MAC!" crowd to come out. Hmmm Let's look at this from a virus programers point of view. Should I write a virus that can infect possible millions of computer or should I write one that can infect the 1% out there that use Mac....
17 posted on 05/13/2003 3:43:32 PM PDT by scab4faa (Perfection is my direction! *Looks at a map* I think I'm going the wrong way...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BOBWADE
Norton is the only home pc anti-virus program I know of that actively protects Outlook Express. McAfee and PC-Cillin will deal with Outlook, but not Outlook Express.

Since the main source of viruses and worms is email, make sure your anti-virus scans email as it come in and goes out.

18 posted on 05/13/2003 3:51:39 PM PDT by js1138
[ Post Reply | Private Reply | To 10 | View Replies]

To: js1138
I got Norton AFTER being hosed by both bugbear and Klez at the same time. Norton offered free cleanup utilities to do a one time disinfect. I tried Trend's "Housecall" first, but it couldn't handle the magnitude of the problem.

Cleanup took more than eight hours. I didn't lose any data, but had to reinstall a number of programs.

I do recommend Housecall ( http://www.antivirus.com ) any time you have a mysterious problem

19 posted on 05/13/2003 3:58:07 PM PDT by js1138
[ Post Reply | Private Reply | To 18 | View Replies]

To: BOBWADE
Have a look at AVG.

They have a free version that's pretty good.

www.grisoft.com
20 posted on 05/13/2003 4:14:45 PM PDT by 2penguins (some cultures should be lost forever)
[ Post Reply | Private Reply | To 10 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson