Fizzer--a multi-threat worm that attacks via e-mail and KaZaA. (Virus Notes).

"Fizzer" is a classic network worm that propagates across the Internet. It arrives at the target computers as an executable file and activates when a user launches it. Once this happens, "Fizzer" creates 5 additional files and modifies the Windows registry auto-run section so that the worm loads each time the operating system is started.

A distinctive, though certainly not unique, characteristic of this worm is its multiple-threat construction: the worm is equally effective at spreading itself via both e-mail and the KaZaA file-sharing network. To send itself out via e-mail, "Fizzer" scans the addresses in a victim's Outlook and Windows address books or randomly attacks e-mail addresses in public e-mail systems such as hotmail.com and yahoo.com. Next, the worm, in the name of the computer owner, clandestinely sends out infected messages using different subjects, message texts and file attachment names.

"Fizzer" carries a dangerous payload that can cause confidential data to be leaked from infected computers. The worm installs a keyboard-logging program that intercepts and records all keyboard strokes in a separate log file. To transmit this information as well as other sensitive data from victim machines, "Fizzer" implements a backdoor utility (a utility making possible unauthorised, remote control of victim computers) that allows the worm's "master" to control a computer undetected via IRC (Internet Relay Chat) channels as well as via the HTTP and Telnet protocols. Additionally, the worm regularly connects to a Web page located on the Geocities server, from which it attempts to download an updated version of its executable modules. Finally, to avoid being detected, "Fizzer" scans the memory of victim computers and shuts down the active processes of an array of the most widely used anti-virus programs.

www.kaspersky.com
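The behaviours described above are individually common, but seeing several of them on one host is a strong signal. The following is an added example, not part of the original article or any vendor's tooling: a small correlation check over constructed host events. The event field names, the anti-virus process names, and the use of the standard Run key as the auto-run location are assumptions, since the article names none of them.

```python
from collections import defaultdict

RUN_KEY = r"\currentversion\run"          # representative auto-run location (assumption)
AV_PROCS = {"avscan.exe", "avguard.exe"}  # placeholder anti-virus process names
IRC_PORTS = {6667}                        # default IRC port
SUBJECT_THRESHOLD = 3                     # distinct subjects that count as a mail burst

def classify(events):
    """Map each host to the set of worm-like behaviours seen in its events."""
    seen = defaultdict(set)
    subjects = defaultdict(set)
    for e in events:
        host, kind = e["host"], e["type"]
        if kind == "registry_set" and RUN_KEY in e["key"].lower():
            seen[host].add("autorun_persistence")
        elif kind == "process_terminate" and e["target"].lower() in AV_PROCS:
            seen[host].add("av_process_killed")
        elif kind == "net_connect" and e["dport"] in IRC_PORTS:
            seen[host].add("irc_outbound")
        elif kind == "smtp_send":
            subjects[host].add(e["subject"])
    # Many different subjects from one host matches the varied-message mailing pattern.
    for host, subs in subjects.items():
        if len(subs) >= SUBJECT_THRESHOLD:
            seen[host].add("mail_burst_varied_subjects")
    return seen

def suspicious_hosts(events, min_behaviours=3):
    """Return {host: sorted behaviours} for hosts showing several behaviours together."""
    return {h: sorted(b) for h, b in classify(events).items() if len(b) >= min_behaviours}

# Constructed sample events (not real telemetry).
EVENTS = [
    {"host": "ws-01", "type": "registry_set", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\example"},
    {"host": "ws-01", "type": "process_terminate", "target": "AVSCAN.EXE"},
    {"host": "ws-01", "type": "net_connect", "dport": 6667},
    {"host": "ws-01", "type": "smtp_send", "subject": "hello"},
    {"host": "ws-01", "type": "smtp_send", "subject": "re: files"},
    {"host": "ws-01", "type": "smtp_send", "subject": "photo"},
    {"host": "ws-02", "type": "net_connect", "dport": 6667},  # ordinary IRC user, one signal
    {"host": "ws-03", "type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"host": "ws-03", "type": "smtp_send", "subject": "status"},
]

if __name__ == "__main__":
    for host, behaviours in suspicious_hosts(EVENTS).items():
        print(host, behaviours)
```

Requiring several behaviours together keeps a legitimate IRC user (ws-02) or a normal installer that writes a Run entry (ws-03) from being flagged on a single signal.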