�Fizer� worm spreads rapidly across the Internet
May 15, 2003
A new worm known as "Fizzer" has spread rapidly around the world using email and the KaZaa peer-to-peer file swapping program to propagate itself.
The malicious virus was first identified on Thursday last week and the major antivirus vendors have updated their signature files to include this worm.
Fizzer appears as email attachment with a .EXE, .PIF, .COM, or .SCR extension. Virus is activated once a user opens an attached file .
After that Fizzer installs an application that logs keystrokes, as well as a Trojan Horse that could allow a hacker to take control of a user's PC. The worm also attempts to block the operation of any anti-virus software that may be present on the PC.
Then Fizzer spreads to other victims by locating the Microsoft Outlook and Windows address books and using the records stored there to send copies of itself out to those addresses
The worm can also update itself, connecting to a GeoCities account for the latest version of itself, and it also sets up its own accounts on Internet Relay Chat (IRC) and AOL Instant Messenger, in order to await commands from the virus creator.
Signs of infection include unexpected traffic on port 6667 (IRC) and 5190 (AIM).
The worm has spread rapidly throughout Europe, Asia and the US.
Users who update their antivirus definitions will be protected from the worm.
heard about this also... Thanks for the info. I'll keep my anti-virus updated.
thanks for the info Edgedale 😊
i remmember a PC that i once had
it dosn't work right unless it has 5 virus (i used to save them on a flopy disk before i format the hard disk)
New computer worm disguises itself as an e-mail from Microsoft
May 21, 2003
Antivirus vendors have warned about new computer worm which pretends to have been sent by Microsoft technical support.
The e-mail containing the worm, dubbed Palyh (pronounced Pale-H) or Mankx, appears to come from [email protected], but is not from the software company. It contains a file which, upon execution, copies itself to the Windows folder, scoops up e-mail addresses from the hard disk and starts sending itself out. Palyh also spreads to other Windows machines on a local area network (LAN).
Though the file appears to have a .pi or .pif extension, it is an .exe file which is automatically run by Windows as soon as the recipient double-clicks on it.
The malicious program has the ability automatically to update itself from a remote web server, and install spyware on infected machines.
Spyware is any software used to obtain personal information about a user or his or her computer without informing the user or asking permission. Spyware uses an Internet connection to receive the data about Web browsing habits or even passwords and credits card details.
Palyh is also time locked to expire automatically after 31 May. Most likely this trigger was built into the program because the server from which it downloads its updates will be closed in the near future.
The worm appears to originate from the Netherlands, but more than 60 percent of e-mails containing it were originating from the United Kingdom. It began spreading on Saturday and has apparently infected computers in 75 countries.
A Microsoft spokesman said the company never sends out unsolicited mass e-mails with attachments.