Hi all, Let me first say I hope I am not breaking any board rules by posting this, but thought the file sharing family needs to know. I found this while browsing a news site.:

Fizzer worm widespread
Staff writers
May 13, 2003

A NEW worm known as "Fizzer" has spread rapidly around the world using email and the KaZaa peer-to-peer file swapping program to propagate itself.

Fizzer, (also known as W32.HLLW.Fizzer@mm or WORM_FIZZER.A), installs an application that logs keystrokes, as well as a Trojan Horse that could allow a hacker to take control of a user's PC. The worm also attempts to block the operation of any anti-virus software that may be present on the PC.

Fizzer sends itself to all entries in the Windows Address Book, Outlook Address Book and any addresses found on the local system via email. It can also distribute itself to randomly generated addresses.

Message subject lines include "The peace" and "Re: how are you?". Subject lines and worm file names are variable.

To distribute itself via KaZaa, Fizzer duplicates itself in the application's file sharing folder under random file names so that it can be uploaded to other machines.

there are some worms going around. its disturbing yes.


btw, this should probably be in filesharing ;)

Keep the Norton running, and go on with your life. If you aren't protected by now, you deserve what you get. :huh:

Thanks kab, thats what I needed to know, jibbler, hope you are a better filesharer than your responses reflect on the board, You shouldnt kick someone trying to help keep the p2p community safe! Peace B)

This should be here (http://www.klboard.ath.cx/bb/index.php?act=SF&f=13).

Nice post though. :)

As usual.... FC is right, topic moved... :lol:

Originally posted by Peaceplaya@13 May 2003 - 04:39
Hi all, Let me first say I hope I am not breaking any board rules by posting this, but thought the file sharing family needs to know. I found this while browsing a news site.:

Fizzer worm widespread
Staff writers
May 13, 2003

A NEW worm known as "Fizzer" has spread rapidly around the world using email and the KaZaa peer-to-peer file swapping program to propagate itself.

Fizzer, (also known as W32.HLLW.Fizzer@mm or WORM_FIZZER.A), installs an application that logs keystrokes, as well as a Trojan Horse that could allow a hacker to take control of a user's PC. The worm also attempts to block the operation of any anti-virus software that may be present on the PC.

Fizzer sends itself to all entries in the Windows Address Book, Outlook Address Book and any addresses found on the local system via email. It can also distribute itself to randomly generated addresses.

Message subject lines include "The peace" and "Re: how are you?". Subject lines and worm file names are variable.

To distribute itself via KaZaa, Fizzer duplicates itself in the application's file sharing folder under random file names so that it can be uploaded to other machines.
Thanks for bringing this to our attention.

No real need though as 100's of new worms and trojans released everyday.Just make sure your anti virus definitions are always kept upto date :)

:angry: and allso w32.kw bot.worm is out there two it got me today but my horton got it befor it could do anything. thank God to horton :D








you need to check your shair files to just to be safe :ph34r:

I've gotten two versions of W32.HLLW.Fizzer so far from p2p sharing, but AVG deleted both of them. AVG is free by the way.

Jon

Originally posted by Peaceplaya@13 May 2003 - 06:34
Thanks kab, thats what I needed to know, jibbler, hope you are a better filesharer than your responses reflect on the board, You shouldnt kick someone trying to help keep the p2p community safe! Peace B)
He wasnt kicking you, he was being blunt, and in all truth, hes dead on...

If you get a worm like thats, its your own damn fault. Keep your Norton updated daily, or every two days, make it continually scan, and 99.99% of the time, you will be fine. I have been online for 7 years, one virus, the whole time, and that was when i didnt keep my definitions up to date, my first year, cuz i didnt know better...

theres no excuse anymore... if you run an exe file, u download from a 3rd party, w/o it having been scanned by norton, or mcafee, or something, then u deserve it, its common sense.

Originally posted by Peaceplaya@13 May 2003 - 07:34
Thanks kab, thats what I needed to know, jibbler, hope you are a better filesharer than your responses reflect on the board, You shouldnt kick someone trying to help keep the p2p community safe! Peace B)
In all honesty, I sometimes forget that there are lots of newbies on these boards. Without going into a huge explanation, I tried to point out that viruses are really pretty rare, and that your chances of infection are virtually erased if you run a current version of a virus scanning program. B)

If you don't like my advice, take it or leave it. I contribute hours to this board, and lots of hashes in the verifieds. I'm not a mod, just an active member of this community. Sometimes I can be a bit harsh, but its only because I see post after post containing much the same info. Your post was unique to this board, but not really news. A fix was already released by Symantec for infected computers which you can find here. (http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.hllw.fizzer.removal.tool.html) :o

Here is all the info you'll ever need, written today May 13, 2003 at 841am. Try this. (http://securityresponse1.symantec.com/sarc/sarc.nsf/html/[email protected]) :huh:

So, does anyone feel any safer now? :huh:

Your point is well taken Jibbler and I am sure everyone is very appreciative of your efforts here, I know I am, but here in Australia I have only tonight heard about this Fizzer(fisser) thing so came here to find out about it, so your point about people HAVING to have heard about it does not hold much water, the world is a big place, we don't all have Broadband or sit at our screens 24/7, so please keep up the good work you do but allow for the guys who aren't as with it as you, and please take this in the good faith it's posted with.

Originally posted by ozhog@14 May 2003 - 07:37
please take this in the good faith it's posted with.
Fair enough. :)

Don't worry about it everyone, this worm may soon go away.
According to this (http://lists-temp.ic5.net/pipermail/irc-security/2003-May/000020.html) article it will eventually uninstall itself from your PC.

Tehee, doesn't this violate the Fizzer EULA?

Always remember that AV software may lag behind the NEWEST virus on Kazaa by a month or more.
They can't make good virus cleaners for viruses they haven't fully studied yet...
So you may have to be infected for a month even using the 'latest and greatest' AV before it gets cleaned off.

Just all the MORE reason to pay close attention to the behavior of any EXE you download off Kazaa.
If when you click on one it seems to 'do nothing', better start looking in run MSCONFIG, STARTUP tab for a new entry with a similar name... cuz that's where most viruses go!

Originally posted by Schmiggy_JK23+13 May 2003 - 13:58--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Schmiggy_JK23 @ 13 May 2003 - 13:58)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--Peaceplaya@13 May 2003 - 06:34
Thanks kab, thats what I needed to know, jibbler, hope you are a better filesharer than your responses reflect on the board, You shouldnt kick someone trying to help keep the p2p community safe&#33; Peace B)
He wasnt kicking you, he was being blunt, and in all truth, hes dead on...

If you get a worm like thats, its your own damn fault. Keep your Norton updated daily, or every two days, make it continually scan, and 99.99% of the time, you will be fine. I have been online for 7 years, one virus, the whole time, and that was when i didnt keep my definitions up to date, my first year, cuz i didnt know better...

theres no excuse anymore... if you run an exe file, u download from a 3rd party, w/o it having been scanned by norton, or mcafee, or something, then u deserve it, its common sense. [/b][/quote]
@ this moment there are 2000+ fizzer bots on p2pchat,net :lol:

Originally posted by Switeck@16 May 2003 - 19:06
Always remember that AV software may lag behind the NEWEST virus on Kazaa by a month or more.
They can&#39;t make good virus cleaners for viruses they haven&#39;t fully studied yet...
So you may have to be infected for a month even using the &#39;latest and greatest&#39; AV before it gets cleaned off.

Just all the MORE reason to pay close attention to the behavior of any EXE you download off Kazaa.
If when you click on one it seems to &#39;do nothing&#39;, better start looking in run MSCONFIG, STARTUP tab for a new entry with a similar name... cuz that&#39;s where most viruses go&#33;
Using something like http://www.mlin.net/StartupMonitor.shtml will give you an instant heads-up as to whether some rogue .exe has placed itself into your startup routines ;)

One other note. "Names" don&#39;t necessarily mean "safe." Two weeks ago, a friend&#39;s XP system started acting strange and she asked me for help. According to her Norton AV software, everything was just fine. But, when I tried to download the most recent AV update, it wouldn&#39;t give me access to the Symantec download site. So, I uninstalled Norton and installed "free" AV software from the Grifsoft.com site (AV software I use myself). Seconds after initializing, it detected and quarantined a Win32/CIH virus ... and following that, the system started working fine again. This is not to say free Grisoft AV software is better than Norton. A week from now, Norton may catch something neither Grisoft nor McAfee catches. And the week after that, maybe McAfee will catch something other software won&#39;t.

There&#39;s no one perfect shield. The best thing any of us can do is keep whatever AV software we have in an updated state as often as possible, cross our fingers, and hope for the best.

To Jibbler, I do appreciate the classy way you answered my reply&#33; B) I just want to keep the this filesharing thing alive in whatever I can do. Again, I appreciate your response, because it shows that you are a credit to the board&#33; I apologize for my assumptions. Keep up the great work&#33;

simple just using nortons on protect cant catch a virus then ;)

Originally posted by Peaceplaya@19 May 2003 - 21:49
To Jibbler, I do appreciate the classy way you answered my reply&#33; B) I just want to keep the this filesharing thing alive in whatever I can do. Again, I appreciate your response, because it shows that you are a credit to the board&#33; I apologize for my assumptions. Keep up the great work&#33;
Its all good my friend. With knowledge comes power. In keeping with our current theme, lets see how the Fizzer virus played out. Check this (http://msnbc-cnet.com.com/2100-1009_3-1007743.html?tag=lh) out. B) ;)

Who wouldn&#39;t want to be part of the IRC community? Safest damn place on the web if you ask me. :huh:

Jibbler ... here&#39;s an interesting thought. I went to that article page and, near the bottom, clicked on a link to a companion article. In that article, the last line read:


More than 40 percent of all Fizzer interceptions were in China, according to MessageLabs.

Assuming Fizzer interceptions are commonplace among all FastTrack users, could this mean that 40% of all file-sharers in the world are Chinese citizens? If FastTrack use is a worldwide phenomenon, that just might make China the largest single national block of users. In short, even if the the RIAA/MPAA/BSA were successful in arresting/prosecuting every other user of FastTrack (4,000,000 users at any given time), they&#39;d still have 1,600,000 users living in a country that would thumb their noses at them. :lol:

Originally posted by OlderThanDirt@20 May 2003 - 09:43
Jibbler ... here&#39;s an interesting thought. I went to that article page and, near the bottom, clicked on a link to a companion article. In that article, the last line read:


More than 40 percent of all Fizzer interceptions were in China, according to MessageLabs.

As long as you can&#39;t get SARS from filesharing, we should all be safe. :huh: