/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE: A new computer virus, the "Fizzer" worm, spread rapidly across the Internet. Fizzer is a destructive mass-mailing worm that uses its own SMTP engine to mail itself to all contacts in the users address book including Outlook, Windows Address Book, in addition to any addresses found on the local system or randomly manufactured addresses.
Fizzer also contains an internal timer to trigger different processes at different times. It was first discovered on May 8 and has been reported to AVERT from customers in many regions in the world including North America, Europe, Japan, and other countries in the Asia Pacific region.
The biggest threat from Fizzer, perhaps, is the key-logging program it installs on a victim's machine. Keyloggers record everything you type into your PC. They even record screen shots. The captured info is then sent back to the attacker. Infected machines could relay bank account numbers and passwords, screen names and passwords, and other sensitive personal data.
The Fizzer is an Internet worm that once activated, emails itself to everyone in the user's Microsoft Outlook, Windows Address Book, any addresses found on the local system, and randomly manufactured addresses on the users system.
The worm contains its own SMTP engine and uses the default SMTP server as specified in the Internet Account Manager registry settings, and can also use any one of several hundred different external SMTP servers. The "from" address can be forged, so that the apparent sender is not the actual sender. The body of the message and subject line varies, as does the attachment name.
The subject and message body are constructed from a large list of English and German words and phrases carried within the virus body. Attachments use standard executable extensions including .com, .exe, .pif, and .scr.
Fizzer also pings many different IRC servers. When it receives a reply from those servers, it connects to a channel on that server using many different internal usernames, and waits for further instructions from an attacker. The list of IRC servers includes:
· irc2p2pchat.net
· irc.idigital-web.com
· irc.cyberchat.org
· irc.othernet.org
· irc.beyondirc.net
· irc.chatx.net
· irc.cyberarmy.com
· irc.gameslink.net
The mass-mailing work first surfaced in Asia.