WORM_FIZZER.A - Description and solution

WORM_FIZZER.A

Overview

Aliases: Email-Worm.Win32.Fizzer (Kaspersky), W32/Fizzer.gen@MM (McAfee), W32.HLLW.Fizzer@mm (Symantec), Worm/Fizzu.A.Dmg.2 (Avira), W32/Fizzer-A (Sophos),

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: Yes

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		High

Description:

This malware has both worm and backdoor capabilities. As a worm, it propagates via email using its own SMTP (Simple Mail Transfer Protocol) engine and the Kazaa file-sharing network.

As a backdoor, it connects to IRC (Internet Relay Chat) servers and joins channels so that it can carry out its backdoor routines. Infected systems thereby become vulnerable to unauthorized access and control.

It sends an email message of varying formats to all the addresses found in the Windows Address Book and Microsoft Outlook address book.

The details of the email it sends out are as follows:

Subject: (Chosen from the following)

ich geh jetz arbeiten
koi luscht zum schaffe ;()
bis sp�ter ;)
wenn was ist, wisst ihr wo ich erreichbar bin
die zu uns gefunden haben ;(
strafrechtliche Verfolgung nach sich ziehen.
Einzelnen oder einer Gruppe von Usern das Privileg der Nutzung
hlt Euch wohl aber benehmt euch bitte
guten morgen ;)
Dreeeeehzahlmesser?? Anweisung Morgen SaTYr dran erinnern, dass er mal Ulf anruft danke ;)
Bitte keine Skript- oder Botspielereien, kein Betteln nach Voice
oh man, ich habe ja jetzt schon kopfweh
uuuiihh, sch�n dass du dich zu uns gesellst
moin lim
Kein Geld f�r eine Shell ? Dann wird es aber ...
er spricht deutsch
ach so
brb...
ich muss dann mal los
mach ich ;)
Hallo, wie geht es dir.
Ist das nicht lustig? ;)
Das Wetter ist gut.
Gut geschlafen?
erstmal unter die dusche ..
Og.. :)
Wer ist hier das Schaf?
Morgen uggi ;))
moin uk-world
hierzu kann ich nur anmerken das fix nen Bettn
sser ist
huhu Camper ;))
Sandy es freut mich sehr, dass du heut so gut drauf bist ;)
da kannst ja gleich einen kuchen auch noch backen ;D
ohje ;)
hmm sandy und backen ???
heidelbeerkuchen ;)
jo Camper, das kann ich auch ;)
die dich nur anschnautzen kann und sonst nix ;)
siehste Camper und ich dachte immer sandy w�r eine neumoderne hausfrau
lautlach
wer hat schon gern nen Gandalfspargel im Hintern sfg
schmoll
Du ekelst mich an
Guten Abend
Danke
Sie wollen wohl
M�nnlein oder Weiblein?
Wie geht es Ihnen?
Ich bin m�de
Ich habe Hunger.
Ich verstehe nicht.
Entschuldigen Sie
Ich liebe Sie
I thought this was interesting...
rather psychedelic...
found this on the net, you might like it...
discoth
imbrue
Damn it feels good to be gangsta.
The way I feel - Remy Shand
Paradigm Shift
WASSUP!
Know Thyself
I love you
Please discard if you don't like or agree with our present leadership...
little popup remover
B cannot remember
Yo, WASSUP, B?
an interesting program...
You might not appreciate this...
I think you might find this amusing...
check this out... hehehe
question...
see you tomorrow.
how are you?
you need to lose weight.
kind of simple, but fun nonetheless.
check it out.
I wonder what can be so bad
That it makes you want to die
I wonder what could be so tragic
Makes you want to take your life
You have your savior on the cross
While you sit on the throne
Put youself up on that cross
Put your savior on the throne
And I know
It's hard to take what's happening
Life is tough sometimes
It seem like there's no hope for you
Your life is worth more than you can say
It's hard to see beyond your pain
When you feel so dead inside
It's hard to see what you've been given
It's hard to find a hope in life

It may prepend any of the following strings to the subjects of its messages:

Re:
Fwd:

Message Body: (Chosen from the following)

I sent this program (Sparky) from anonymous places on the net.

The way to gain a good reputation is to endeavor to be what you desire to appear.

There is only one good, knowledge, and one evil, ignorance.

Watchin' the game, having a bud.

Did you ever stop to think that viruses are good for the economy? Maybe the primary creators of the world's worst viruses are the companies that make the Anti-Virus software.

Today is a good day to die...

so, how are you?

the attachment is only for you to look at

you must not show this to anyone...

delete this as soon as you look at it...

Let me know what you think of this...

If you don't like it, just delete it.

thought I'd let you know

you don't have to if you don't want to.

This worm randomly generates the file name of the email attachment using any of the following formulas:

%Name%%Number%
%Word%

The file attachment can have the extensions .EXE, .COM, .PIF or .SCR.

This mass-mailer runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 11, 2003 9:28:17 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.