FANDOM


Fizzer is a multi-vector worm that works on Microsoft Windows.

It has multiple methods of spreading, including an email or a KaZaA share folder. When Fizzer is spread through email, It may have a subject line in English, German, or French, but the bodies of the emails are in English. Attachments to the emails have random extensions; these include .com, .exe, pif, or .scr.

Fizzer-Icon

Fizzer's Icon

Payload

The computer running the Fizzer worm will begin having files "Infected", as well as copy itself to System32. Inside of System32, it would rename itself "iservc.exe" and "initbak.exe". Fizzer has the same icon as the KaZaA share folder, and infects files inside of the KaZaA folder.

Mp3 and other types of non-executable files are replaced with Fizzer, and have .exe extensions, while having the original, but now compressed, files. It begins to spread by looking for emails in the Windows Address Book.

It also kills any process active in memory which has the following "keywords": NAV, SCAN, AVP, TASKM, VIRUS, F-PROT, VSHW, ANTIV, VSS, NMAIN. This is mostly done so it can kill any antivirus.

It allows a hacker to gain remote access to the resources of the affected computer.

Sources

Panda security, Fizzer: Virus Encyclopedia.