Fizzer E-Mail Worm Sizzles Worldwide

Called Fizzer, the mass-mailing worm can install a program that logs keystrokes and a Trojan program that allows an attacker to remotely manage infected computers, according to Kaspersky Labs, a security software company.

The worm surfaced May 7 but picked up speed early last week. MessageLabs, a managed e-mail security services provider, said it intercepted more than 57,000 copies of Fizzer from more than 105 countries. The infection rate last week was 1 in 312 e-mails, the company said.

By midweek, though, the worm's spread appeared to be slowing. Network Associates reported a steep decline in the number of Fizzer reports.

Fizzer arrives as an e-mail with various subject lines, messages and file attachments, such as "I think you might find this amusing" in the subject line and a message that reads "Let me know what you think of this." If the attachment is opened, the worm sends copies of itself to addresses in the user's Windows and Outlook address books.

The worm spreads via Kazaa by creating copies of itself and infecting a victim's Kazaa file-sharing folder, then spreading to other Kazaa participants when they access the folder.

Some vendors reported that Fizzer, which infects Windows systems, tries to disable security software and can also spread via IRC chat software and America Online's Instant Messenger.

Compared with other more destructive worms, Fizzer is basically a nuisance, said Gary Morse, president of Razorpoint Security Technologies, a New York-based security services firm.

"It's less vicious in terms of erasing hard drives and deleting files," he said. "It's more of a worm that clogs e-mail boxes and decreases network performance. %85"

Fizzer, like other worms, was developed from a basic blueprint that a programmer could download from hacker sites, he said. None of Razorpoint's clients reported the worm.