Marlow, UK - 12 May 2003 - Trend Micro (TSE: 4704; Nasdaq: TMIC), a leader in network antivirus and Internet content security software and services is warning computer users of IRC Backdoor, mass mailing WORM_FIZZER.A. Trend Micro currently classes the worm as medium risk, but warns of its high distribution and damage potential.
WORM_FIZZER.A. spreads via multiple vectors - email, IRC backdoor and can update itself via download from a geocities web site. It is a mass-mailing worm that spreads via email and Kazaa peer-to-peer (P2P) file sharing network. The worm arrives as a file attachment with a .EXE, .PIF, .COM, or .SCR extension. The worm has an SMTP engine, which it uses to send copies of itself via email. It obtains recipients from addresses found in Window Address Book The Worm, was first detected in the Far East, but it would seem that it was created by a Southern German (or someone with a good knowledge of German) given the usage of this particular dialect within the subject line. English is also used in the subject line, and in the main body of the email - see details at end of this advisory.
The worm can also enter systems via an IRC backdoor. It can connect itself to IRC servers and joins IRC channels. It will then perform commands coming from the said channel. The distribution potential of the worm is increased by the fact that it can disable some antivirus scanners (not including those of Trend Micro) terminating any of the processes mentioned below
* SCAN
* TASKM
* VIRUS
* F-PROT
* VSHW
* ANTIV
* NMAIN
Trend Micro detects Worm_FIZZER.A with pattern file 532, which Trend Micro users can download at www.trendmicro-europe.com.
Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
EMAIL DETAILS
* ich geh jetzt arbeiten
* koi luscht zum schaffe ;()
* bis später ;)
* wenn was ist, wisst ihr wo ich erreichbar bin
* die zu uns gefunden haben ;(
* strafrechtliche Verfolgung nach sich ziehen.
* Einzelnen oder einer Gruppe von Usern das Privileg der Nutzung
* hält Euch wohl aber benehmt euch bitte
* guten morgen ;)
* Dreeeeehzahlmesser?? Anweisung Morgen SaTYr dran erinnern, dass er mal Ulf anruft danke ;)
* Bitte keine Skript- oder Botspielereien, kein Betteln nach Voice
* oh man, ich habe ja jetzt schon kopfweh
* uuuiihh, schön
* du dich zu uns gesellst
* moin lim
* Kein Geld für eine Shell ? Dann wird es aber ...
* er spricht deutsch
* ach so
* brb...
* ich muss dann mal los
* mach ich ;)
* Hallo, wie geht es dir.
* Ist das nicht lustig? ;)
* Das Wetter ist gut.
* Gut geschlafen?
* erstmal unter die dusche ..
* Og.. :)
* Wer ist hier das Schaf?
* Morgen uggi ;))
* moin uk-world
* hierzu kann ich nur anmerken das fix nen Bettn
* sser ist
* huhu Camper ;))
* Sandy es freut mich sehr, dass du heut so gut drauf bist ;)
* da kannst ja gleich einen kuchen auch noch backen ;D
* ohje ;)
* hmm sandy und backen ???
* heidelbeerkuchen ;)
* jo Camper, das kann ich auch ;)
* die dich nur anschnautzen kann und sonst nix ;)
* siehste Camper und ich dachte immer sandy wär eine neumoderne hausfrau
* lautlach
* wer hat schon gern nen Gandalfspargel im Hintern sfg
* schmoll
* Du ekelst mich an
* Guten Abend
* Danke
* Sie wollen wohl
* Männlein oder Weiblein?
* Wie geht es Ihnen?
* Ich bin müde
* Ich habe Hunger.
* Ich verstehe nicht.
* Entschuldigen Sie
* Ich liebe Sie
* I thought this was interesting...
* rather psychedelic...
* found this on the net, you might like it...
* discoth
* imbrue
* Damn it feels good to be gangsta.
* The way I feel - Remy Shand
* Paradigm Shift
* WASSUP!
* Know Thyself
* I love you
* Please discard if you don't like or agree with our present leadership...
* little popup remover
* B cannot remember
* Yo, WASSUP, B?
* an interesting program...
* You might not appreciate this...
* I think you might find this amusing...
* check this out... hehehe
* question...
* see you tomorrow.
* how are you?
* you need to lose weight.
* kind of simple, but fun nonetheless.
* check it out.
* I wonder what can be so bad
* That it makes you want to die
* I wonder what could be so tragic
* Makes you want to take your life
* You have your savior on the cross
* While you sit on the throne
* Put youself up on that cross
* Put your savior on the throne
* And I know
* It's hard to take what's happening
* Life is tough sometimes
* It seem like there's no hope for you
* Your life is worth more than you can say
* It's hard to see beyond your pain
* When you feel so dead inside
* It's hard to see what you've been given
* It's hard to find a hope in life
Mail Body: (Chosen from the following)
* I sent this program (Sparky) from anonymous places on the net.
* The way to gain a good reputation is to endeavor to be what you desire to appear.
* There is only one good, knowledge, and one evil, ignorance.
* Watchin' the game, having a bud.
* Did you ever stop to think that viruses are good for the economy? Maybe the primary creators of the world's worst viruses are the companies that make the Anti-Virus software.
* Today is a good day to die...
* so, how are you?
* the attachment is only for you to look at
* you must not show this to anyone...
* delete this as soon as you look at it...
* Let me know what you think of this...
* If you don't like it, just delete it.
* thought I'd let you know
* you don't have to if you don't want to.
Attachment:
Randomly generated using the following formula:
%name%_%number
%word%
# # #
About Trend Micro
Trend Micro is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has its European headquarters in Marlow, England, and business units worldwide. Trend Micro products are sold through corporate, value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit: http://www.trendmicro-europe.com
For further details contact:
Anna Wright
Trend Micro
EMEA PR Manager
Tel: +44 (0)1628 400 534
E-mail: anna_wright@trendmicro.co.uk
Lammers van Toorenburg PR
Annegees van Linge
Tel: +31 (0)30 6565 070
E-mail: annegees@lvtpr.nl