Fizzer Just Loves Kazaa
May 8 was the date Fizzer, a mass-mailing worm that sends itself to all contacts in the Windows Address Book, appeared for the first time.
And it really likes Kazaa.
McAfee says Fizzer has all kinds of components and an internal timer to trigger different processes at different times, going on that these include addresses gathered from different places such as Outlook Contacts list, Windows Address Book (WAB), addresses found on the local system, randomly manufactured addresses; and, IRC bot; AIM bot; Keylogger; KaZaa worm; HTTP server; Remote access server; Self-updating mechanism; and, Anti-virus software termination
It also says not only does the worm have its own SMTP engine and uses the default SMTP server as specified in the Internet Account Manager registry settings, it can also use any one of several hundred different external SMTP servers.
It turns up as an email attachment and, McAfee continues:
"The from address can be forged such that the apparent sender is not the actual sender. Message body and subject lines vary,
as do attachment names. Attachments use standard executable extensions (.com, .exe, .pif, .scr). Such as:
Subject: why? Body: The peace Attachment: desktop.scr
Subject: Re: You might not appreciate this... Body: lautlach Attachment: service.scr
Subject: Re: how are you? Body: I sent this program (Sparky) from anonymous places on the net Attachment: Jesse20.exe
Subject: Fwd: Mariss995 Body: There is only one good, knowledge, and one evil, ignorance. Attachment: Mariss995.exe
Subject: Re: The way I feel - Remy Shand Body: Nein Attachment: Jordan6.pif
Go here for more on Fizzer.