A group of Internet Relay Chat (IRC)
The ‘Fizzer Task Force’ claims to have “altered” the malicious Geocities
page and added a ‘Fizzer’ cleaner to the actual URL that the IRC bot
downloads its updates from, as a self-extracting and running executable.
The counter-attack comes after the worm was detected squirming
through e-mail inboxes and on the Kazaa P2P network earlier this week. It
was considered especially dangerous because it contained a backdoor that
used mIRC (Inter Relay Chat) to communicate with a remote attacker and a
keystroke-logger that recorded all keyboard strokes in a separate log
file.
The IRC operators have put up an anti-Fizzer site, featuring
a collection of scripts, information, and detection/removal tools.
Meanwhile, online security firms have begun to downgrade the threat of
Fizzer, which has been wreaking havoc on e-mail inboxes and on the Kazaa P2P
network all week.
McAfee lowered the
risk assessment to ‘Medium’ due to a decline in prevalence over the past 24
hours.
Even as the worm appears to be under control, online discussions groups
continue to buzz about Fizzer’s destructive elements with many questioning
why it took so long for anti-virus firm to issue public warnings once the virus was detected.
Most security firms confirmed the Fizzer virus was first detected between
May 8-9 but the first alerts were not issued until May 12, giving the
complicated worm a full three days to wreak havoc.
Fizzer is capable of mass-mailing itself to addresses gathered from an
infected system’s Outlook Contacts list, Windows Address Book (WAB) and
randomly manufactured addresses. It can trigger a slew of harmful processes,
including the ability to communicate with an IRC bot (Internet Relay Chat)
and an AIM bot (AOL Instant Messenger).
Sharman Networks, which distributes Kazaa, urged users to enable the
anti-virus feature which is integrated into the desktop peer-to-peer
platform.
“Users of Kazaa Media Desktop are protected against Fizzer and other
viruses, provided they have enabled the built-in BullGuard Lite anti-virus
feature which is updated with the most recent virus definitions,” Sharman
Networks’ director of technology Phil Morle said.
Kazaa comes equipped with an anti-virus tool called BullGuard Lite which
“provides an additional layer of protection within the peer-to-peer
environment.”
The company cautioned that BullGuard only offers protection within the
P2P application and insisted users should also use anti-virus protection
tools outside of Kazaa. “BullGuard Lite operates exclusively in KMD and does
not protect against viruses if they enter through channels other than Kazaa,
such as email, instant messaging, or downloads from other P2P applications,”
the company warned.