Fizzer Virus Uses Kazaa to Spread

[billybob3]

Found this on Wired News today

Quote:

LOS ANGELES -- A new and complex computer virus called "Fizzer" spread rapidly across the Internet on Monday, infecting computers around the world via e-mail and the file-swapping service Kazaa, computer security experts said.

Businesses in Asia were the first to report the attack, followed by reports of tens of thousands of infections in Europe, and experts were expecting more cases in North America.

Read the rest of the article @ http://www.wired.com/news/technology...,58813,00.html

SOURCE: http://www.wired.com/news/technology...,58813,00.html

[Kawadevil]

Thanks Billybob,

Found this @ NAI.com http://vil.nai.com/vil/content/v_100295.htm

The minimum engine for detection of this threat is the 4.1.60 engine, however to remove it the 4.2.40 engine is required. AVERT recommend ALL users (Enterprise and Consumer) update to the 4.2.40 engine immediately to stay protected from this threat.

This mass-mailing worm has many components and an internal timer to trigger different processes at different times. These include:

Mass-mailing itself to addresses gathered from different places:
Outlook Contacts list
Windows Address Book (WA
Addresses found on the local system
Randomly manufactured addresses
IRC bot (Internet Relay Chat)
AIM bot (AOL Instant Messenger)
Keylogger
KaZaa worm
HTTP server
Remote access server
Self-updating mechanism
Anti-virus software termination

The worm contains its own SMTP engine and uses the default SMTP server as specified in the Internet Account Manager registry settings. It can also use any one of several hundred different external SMTP servers.
The worm arrives as an email attachment in various messages. The from address can be forged such that the apparent sender is not the actual sender. Message body and subject lines vary, as do attachment names. Attachments use standard executable extensions (.com, .exe, .pif, .scr). Such as:


Subject: why?
Body: The peace
Attachment: desktop.scr

Subject: Re: You might not appreciate this...
Body: lautlach
Attachment: service.scr

Subject: Re: how are you?
Body: I sent this program (Sparky) from anonymous places on the net
Attachment: Jesse20.exe

Subject: Fwd: Mariss995
Body: There is only one good, knowledge, and one evil, ignorance.
Attachment: Mariss995.exe

Subject: Re: The way I feel - Remy Shand
Body: Nein
Attachment: Jordan6.pif

[billybob3]

@Kawadevil
Hmm, interesting, didn't know about those things.

I suspect that the real threat of this virus is if you are downloading files other then music...although, I could be wrong.

[James55]

Kazaa is a dangerous garbage program to start with. I stay as far away from it as possible

[~*McoreD*~]

...what James said.

@billybob: i thought you were saying:
Found this on Wierd News today
but now i saw it is actually wired.

[KingCobra]

fftopic:" class="inlineimg" />

FYI - Here's a little thread history for those of you that might have noticed. I thought this thread should also be found in Internet Security Section so I...

Moved it there to allow me to move it back which then allowed me to select leaving a link from the source of the move. Which of course then was the Internet Security Section.

Now back to your regular thread already in progress....

[billybob3]

@KingCobra
huh? What you just wrote made absolutely no sense what so ever...

[KingCobra]

billybob3 Posted on Jun 12 2003, 07:24 PM

Quote:

@KingCobra
huh? What you just wrote made absolutely no sense what so ever... 

@billybob3 - It was really directed towards the other Mods & Admin's as a thread note so don't loose any sleep over it.

[Dudelive]

@KC Believe it or not i actually understood that, although I did read it 2 times. I t almost sounded like one of those EBS Broadcast and we now return your normal station then the SNOW