The Fizzer worm was discovered on May 8, '03 and is now
one of the most common pieces of malware.
Fizzer is a mass-mailer that has multiple plug-ins.
* It contains a backdoor that communicates through mIRC,
to alert a remote hacker of its presence on a particular
machine.
* It has a keylogger that captures the keying of sensitive
data, such as user-name and password pairs, logs it to
a file, and can transmit it on request.
* It attempts to spread through the Kazaa file-sharing network.
* It deactivates background anti-virus protection by terminating
the anti-virus processes.
Distribution: Fizzer drops the file ISERVC.EXE
to the Windows folder. Fizzer spreads as an e-mail attachment,
using COM, EXE, PIF, or SCR as the extension. On an infected
computer, Fizzer will locate the KaZaA shared folder, replace
files with itself, and rename the replaced files by appending
a second, executable suffix to their names.
For example, an MP3 file will change to MP3.EXE,
to deceive an unaware downloader.
Fizzer will install when the infected e-mail attachment
is opened, or when the user attempts to play the bogus Kazaa download.
Fizzer will then copy itself as Iservc.exe to the Windows folder,
and attempt to install itself to the startup queue. Both
attempts are intercepted by InVircible and reverted, so
Fizzer fails to install.
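
The two file-system traces described above (a data file renamed with a second, executable suffix in the shared folder, and ISERVC.EXE in the Windows folder) can be checked for with a short script. This is an added example, not code from InVircible or NetZ Computing. It assumes the four attachment extensions also serve as the masking suffix and that DATA_EXTS covers the content types of interest; the directories it scans are constructed sample data.

```python
import os
import tempfile

# Executable extensions the page lists for Fizzer's e-mail attachments.
EXEC_EXTS = {".com", ".exe", ".pif", ".scr"}
# Assumption: content types one expects in a file-sharing folder.
DATA_EXTS = {".mp3", ".avi", ".mpg", ".jpg", ".gif", ".txt", ".doc", ".zip"}
DROPPED_NAME = "iservc.exe"  # file name the page says Fizzer drops


def has_masked_extension(filename):
    """True for names like song.mp3.exe: data suffix, then an executable one."""
    stem, last = os.path.splitext(filename.lower())
    _, inner = os.path.splitext(stem)
    return last in EXEC_EXTS and inner in DATA_EXTS


def scan_shared_folder(shared_dir):
    """Return sorted relative paths of files with a masked executable extension."""
    hits = []
    for root, _dirs, files in os.walk(shared_dir):
        for name in files:
            if has_masked_extension(name):
                hits.append(os.path.relpath(os.path.join(root, name), shared_dir))
    return sorted(hits)


def find_dropped_file(windows_dir):
    """Return the path of an ISERVC.EXE at the top of windows_dir, or None."""
    for name in os.listdir(windows_dir):
        if name.lower() == DROPPED_NAME:
            return os.path.join(windows_dir, name)
    return None


def demo():
    """Run both checks over a constructed directory tree of empty sample files."""
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "shared")
        windir = os.path.join(base, "windows")
        os.makedirs(shared)
        os.makedirs(windir)
        for name in ("song.mp3", "song2.MP3.EXE", "setup.exe", "clip.avi.scr"):
            open(os.path.join(shared, name), "w").close()
        open(os.path.join(windir, "ISERVC.EXE"), "w").close()
        return scan_shared_folder(shared), find_dropped_file(windir) is not None


if __name__ == "__main__":
    print(demo())
```

A plain setup.exe is not flagged; only names that pair a data suffix with an executable one are reported.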
©NetZ Computing Manufacturers of InVircible