Fizzer Worm Wallops World

TechTV.com ^ | 5/12/2003 | Becky Worley

[ex-Texan]

Fizzer Worm Wallops World

Complex new virus spreading fast.

The Fizzer worm, which first caught security experts' attention last Thursday, is hitting computer users across the globe early this week, spreading through email and popular file-swapping networks.

Tonight on "Tech Live," get the very latest news on Fizzer, and see how to get rid of this new menace.

Security firm MessageLabs says its scanners caught 18,000 email messages containing Fizzer on Monday alone. The virus spreads in many different forms; its infection rate is climbing.

McAfee, Trend Micro, and Symantec each rate Fizzer a medium threat, while F-Secure says Fizzer merits its highest-severity rating. The virus affects computers running Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, and Windows XP. It doesn't affect Macs or Linux/Unix machines.

Virus is clever code

The virus first appeared on May 8. According to the technical write-up on the F-Secure website, Fizzer is an incredibly dynamic piece of code. The write-up reads:

The worm can spread itself in emails and in [the] KaZaA P2P (peer-to-peer) file-sharing network. Fizzer worm has a built-in IRC backdoor, a DoS (denial of service) attack tool, a data-stealing trojan (uses external keylogger DLL), [and] an HTTP server.

The biggest threat from Fizzer, perhaps, is the key-logging program it installs on a victim's machine. Keyloggers record everything you type into your PC. They even record screen shots. The captured info is then sent back to the attacker. Infected machines could relay bank account numbers and passwords, screen names and passwords, and other sensitive personal data.

When sent via email, Fizzer uses some of the following subject lines:

I thought this was interesting... rather psychedelic

[There are many more listed in the article]

File swappers beware

Fizzer also lists itself in the KaZaA shared file folders of infected computers running the P2P file-sharing utility. Fizzer poses as a dummy media file, tempting an unsuspecting user to download and double-click it.

The file containing Fizzer's executable code is named by a random generator, but the file extension is always .exe, .pif, .com, or .scr.

Because Fizzer tries to disable antivirus programs, it's especially important that you update your AV definitions.

F-Secure offers a free disinfection tool you can download by clicking this link.

Or you can see F-Secure's technical write-up of the virus. The write-up also links to the disinfection tool.

[ex-Texan]

Al Qaeda again . . . a coordinated attacked ?

[Tunehead54]

bump

[section9]

Thank God I got out of Windows and into Mac.

Just in time. Jeez, and to think I used to use Outlook Express, the Typhoid Mary of internet mail readers.

Be Seeing You,

Chris

[Eagle9]

When sent via email, Fizzer uses some of the following subject lines:

• I thought this was interesting...
• rather psychedelic...
• found this on the net, you might like it...
• discothhque
• imbrue
• Damn it feels good to be gangsta.
• The way I feel - Remy Shand
• Paradigm Shift
• WASSUP!
• Know Thyself
• Hell
• I love you
• Please discard if you don't like or agree with our present leadership...
• little popup remover
• cannot remember
• Yo, WASSUP, B?
• an interesting program...
• You might not appreciate this...
• I think you might find this amusing...
• LOL check this out... hehehe
• question...
• see you tomorrow.
• how are you?
• you need to lose weight.
• why?
• kind of simple, but fun nonetheless.
• check it out.

There's their list of email subject lines.

[Prodigal Son]

I was thinking along the same lines....

[Prodigal Son]

Interesting list. Almost guaranteed to have something for everyone.

[Prodigal Son]

The file containing Fizzer's executable code is named by a random generator, but the file extension is always .exe, .pif, .com, or .scr.

I have an email in my inbox right now that has an attachment infected with a virus with the "scr" file extension.

The from line is "gjones1980" and the subject line is "100 Things B4 I die"

Norton Antivirus caught it. Heads up!

[I_dmc]

The worm can spread itself in emails and in [the] KaZaA P2P (peer-to-peer) file-sharing network.

Gee, do we have RIAA to thank for this?

[BOBWADE]

I just tried to complete my renewal for Norton Antivirus 2002 and found out that its going to cost an extra 10 bucks if I want to call in my credit card informaion or mail a check. What a rip! Any suggestions for a decent antivirus program at a reasonable cost?

[kAcknor]

Any suggestions for a decent antivirus program at a reasonable cost?

kAcknor Sez:

I've been using Trend Micro's PC-cillin for about two years now.  Started with it when we switched from MacAffee & Norton at work. About 50% of our support problems disappeared when we got MacAffee off our systems, and even Norton used far more system resources.

50 Bucks, fairly easy setup, timely updates, and I've had ZERO problems with it in the way of interference with other programs or causing one itself.

To me that's well worth it. 

"tIqIpqu' 'ej nom tIqIp" (Hit them hard and hit them fast.)

Have you checked the *bang_list today?

[Prodigal Son]

Any suggestions for a decent antivirus program at a reasonable cost?

Sorry, I can't help you out there. I've been using Norton for a three years. Paid for the renewal. It updates automatically. I'm happy to this point. Seemed like money well spent.

[Gunslingr3]

I just tried to complete my renewal for Norton Antivirus 2002 and found out that its going to cost an extra 10 bucks if I want to call in my credit card informaion or mail a check. What a rip! Any suggestions for a decent antivirus program at a reasonable cost?

10 dollars is a rip? How long is that good for? How valuable is your time? How long would you spend restoring your PC if a virus hosed it? Jeez...

[BOBWADE]

14.95 for the subscription if paying by credit card online but an extra ten buck to call in the CC number or to mail a check. I just bought norton 2003 with another year of updates for $16.99 shipped fron tekdeals.com.

[Gunslingr3]

You gotta pay for the person sitting there answering phones, plus rent the space they occupy, etc.
With pricing like that they're trying to get you to do it the most efficient way. If you're worried about using your credit card online, you should realize that credit card has been online since you opened the account with the credit card company. It's not magic that the brick and mortar stores use to verify your account each time you use it...

[Uncle Jaque]

Symantec (NORTON) seems to be on top of this pretty well:

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html">http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html

But thanks for the heads-up; I just updated our NORTON AV to be on the safe side!

Another thing I ought to do is as NAV reccomends; set E-mail filters to kick out any incoming with a *.exe, *.scr, *.bat etc. file extension as a matter of course.

[scab4faa]

I see it didn't take long for the "THANK GOD I OWN A MAC!" crowd to come out. Hmmm Let's look at this from a virus programers point of view. Should I write a virus that can infect possible millions of computer or should I write one that can infect the 1% out there that use Mac....

[js1138]

Norton is the only home pc anti-virus program I know of that actively protects Outlook Express. McAfee and PC-Cillin will deal with Outlook, but not Outlook Express.

Since the main source of viruses and worms is email, make sure your anti-virus scans email as it come in and goes out.

[js1138]

I got Norton AFTER being hosed by both bugbear and Klez at the same time. Norton offered free cleanup utilities to do a one time disinfect. I tried Trend's "Housecall" first, but it couldn't handle the magnitude of the problem.

Cleanup took more than eight hours. I didn't lose any data, but had to reinstall a number of programs.

I do recommend Housecall ( http://www.antivirus.com ) any time you have a mysterious problem

[2penguins]

Have a look at AVG.

They have a free version that's pretty good.

www.grisoft.com