Fizzer worm uses KaZaA for remote control

THERE'S A NEW worm on the block and it's called Fizzer, Kaspersky Labs warns today.

Fizzer is spread both over vulnerable email clients and using the KaZaA file sharing network, Kaspersky said, and shows rat-like cunning by using a key logger and a trojan that can allow your PC to be taken over.

It arrives on a PC as an executable and if it's launched it makes five extra files and changes the Windows registry auto-run so it executes on start up.

The worm either scans the address book in Microsoft Outlook or randomly attacks email addresses in hotmail and yahoo.com, said Kaspersky.

And issues little messages to entrap users such as "I think you might find this amusing" to force an execution.

On KaZaA, the firm said, it creates multiple copies of itself randomly and puts itself in a the file sharing folder, if one exists. That means it spreads itself to any other peer to peer people that access this file.

Kaspersky also claims that it installs a keyboard logging program that puts all keystrokes in a separate log file, and them uses a backdoor utility that allows someone maliciously to control computers using either IRC channels, or HTTP and Telnet.

It's also got an anti-anti-virus detector. There's more details of the program worm here. µ

Update 19:01 Symantec says it is also tracking Mr Fizzer, which it calls W32.HLLW.Fizzer@nm. It upgraded the threat to three today, after its tracking engine received 26 corporate submissions and 146 other submissions of this worm as a problem.