Fizzer Worm Is on the Move
UPDATE: Fizzer continues to spread rapidly as anti-virus experts race to analyze the code of what they say is one of the more complex worms in recent memory.The Fizzer worm continued to spread rapidly late Monday afternoon as anti-virus experts raced to analyze the code of what they called one of the more complex worms in recent memory. First seen late last week, Fizzer began spreading in Asia initially but then hit Europe and North American hard Monday as office workers started to open e-mails received over the weekend. As of 4:30 EDT Monday, MessageLabs Inc., a managed service provider in New York that tracks virus activity, had seen more than 25,000 copies of the worm, making it the fifth-most prevalent virus on the Internet this month. "This is one of the more complicated worms weve seen", comments Mikko Hypponen, manager of anti-virus research at F-Secure Corp., based in Helsinki, Finland. "The worm is 200kB of code spaghetti, containing backdoors, code droppers, attack agents, key loggers and even a small Web server."
The new worm has several other capabilities that make it particularly troubling and dangerous. Fizzer includes an IRC bot that attempts to connect to a number of different IRC servers and, once it establishes a connection, listens passively for further instructions. This kind of activity is often the precursor to a distributed DoS (denial-of-service) attack. The worm also has the ability to create a new user account on AIM (AOL Instant Messenger), join a chat session and then listen for instructions.
Find white papers on security.
For more security news, check out Ziff Davis Medias Security Supersite.