'Fizzer' Worm Squirms Across the Web
Anti-virus experts are monitoring a new mass-mailing worm spreading itself via e-mail address books and the Kazaa P2P network.
Symantec's Security Response on Monday increased the threat level on the Fizzer (W32.HLLW.Fizzer@mm) virus, warning it contains a backdoor that uses mIRC to communicate with a remote attacker and keystroke-logger that records all keyboard strokes in a separate log file.
Affected systems include Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP and Windows Me. Macintosh, OS/2, UNIX, Linux are not affected, Symantec noted.
McAfee Security on Monday put the Fizzer virus on watch and warned that it is capable of mass-mailing itself to addresses gathered from an infected system's Outlook Contacts list, Windows Address Book (WAB) and randomly manufactured addresses.
In addition to the keylogger function, the worm is spreading swiftly through the Kazaa P2P network by dumping multiple copies itself into a user's Kazaa file-sharing folder. This makes the worm available for sharing by all file-traders using Kazaa, security experts warned.
To avoid detection and removal, Fizzer has been fitted with anti-virus
software termination and a self-updating mechanism. McAfee said the worm
also contains its own SMTP engine and uses the default SMTP
Fizzer is not the first virus to target Kazaa as a distribution platform. Last May, anti-virus experts detected the 'Benjamin' worm wriggling around Kazaa while masquerading as a music file.