�Fizer� worm spreads rapidly across the Internet
May 15, 2003
A new worm known as "Fizzer" has spread rapidly around the world using email and the KaZaa peer-to-peer file swapping program to propagate itself.
The malicious virus was first identified on Thursday last week and the major antivirus vendors have updated their signature files to include this worm.
Fizzer appears as email attachment with a .EXE, .PIF, .COM, or .SCR extension. Virus is activated once a user opens an attached file .
After that Fizzer installs an application that logs keystrokes, as well as a Trojan Horse that could allow a hacker to take control of a user's PC. The worm also attempts to block the operation of any anti-virus software that may be present on the PC.
Then Fizzer spreads to other victims by locating the Microsoft Outlook and Windows address books and using the records stored there to send copies of itself out to those addresses
The worm can also update itself, connecting to a GeoCities account for the latest version of itself, and it also sets up its own accounts on Internet Relay Chat (IRC) and AOL Instant Messenger, in order to await commands from the virus creator.
Signs of infection include unexpected traffic on port 6667 (IRC) and 5190 (AIM).
The worm has spread rapidly throughout Europe, Asia and the US.
Users who update their antivirus definitions will be protected from the worm.[/b]