RealTime IT News

Just Another Worm on the IRC

A group of Internet Relay Chat (IRC) operators on Friday announced the hijacking of a Geocities Web page used by the 'Fizzer' virus to update itself.

The 'Fizzer Task Force' claims to have "altered" the malicious Geocities page and added a 'Fizzer' cleaner to the actual URL that the IRC bot downloads its updates from, as a self-extracting and running executable.

The counter-attack comes after the worm was detected squirming through e-mail inboxes and on the Kazaa P2P network earlier this week. It was considered especially dangerous because it contained a backdoor that used mIRC (Inter Relay Chat) to communicate with a remote attacker and a keystroke-logger that recorded all keyboard strokes in a separate log file.

The IRC operators have put up an anti-Fizzer site, featuring a collection of scripts, information, and detection/removal tools.

Meanwhile, online security firms have begun to downgrade the threat of Fizzer, which has been wreaking havoc on e-mail inboxes and on the Kazaa P2P network all week.

McAfee lowered the risk assessment to 'Medium' due to a decline in prevalence over the past 24 hours.

Even as the worm appears to be under control, online discussions groups continue to buzz about Fizzer's destructive elements with many questioning why it took so long for anti-virus firm to issue public warnings once the virus was detected.

Most security firms confirmed the Fizzer virus was first detected between May 8-9 but the first alerts were not issued until May 12, giving the complicated worm a full three days to wreak havoc.

Fizzer is capable of mass-mailing itself to addresses gathered from an infected system's Outlook Contacts list, Windows Address Book (WAB) and randomly manufactured addresses. It can trigger a slew of harmful processes, including the ability to communicate with an IRC bot (Internet Relay Chat) and an AIM bot (AOL Instant Messenger).

Sharman Networks, which distributes Kazaa, urged users to enable the anti-virus feature which is integrated into the desktop peer-to-peer platform.

"Users of Kazaa Media Desktop are protected against Fizzer and other viruses, provided they have enabled the built-in BullGuard Lite anti-virus feature which is updated with the most recent virus definitions," Sharman Networks' director of technology Phil Morle said.

Kazaa comes equipped with an anti-virus tool called BullGuard Lite which "provides an additional layer of protection within the peer-to-peer environment."

The company cautioned that BullGuard only offers protection within the P2P application and insisted users should also use anti-virus protection tools outside of Kazaa. "BullGuard Lite operates exclusively in KMD and does not protect against viruses if they enter through channels other than Kazaa, such as email, instant messaging, or downloads from other P2P applications," the company warned.