The worm spreads via e-mail and includes its own SMTP engine to bypass any security your e-mail client may have. Fizzer also spreads via Kazaa, a popular file-sharing application.
The worm establishes its own accounts on Internet Relay Chat (IRC) and AOL Instant Messenger, in order to await further instructions from the virus author.
Fizzer attempts to disable any antivirus program running at the time of infection. Systems infected with Fizzer could be used in distributed denial-of-service (DDoS) attacks on other computers.
Fizzer includes a keystroke-logging Trojan horse, which can be used to steal passwords words and credit card information.
Because Fizzer spreads via e-mail and Kazaa, contains a keystroke-logging Trojan horse, and could be used in a DDoS attack, this worm rates a 7 on the ZDNet Virus Meter.
How it works
Fizzer arrives as e-mail with several possible subject lines and body texts. The From: address can be forged and therefore should not be trusted. Fizzer's attached files contain one of the following extensions: .com, .exe, .pif and .scr.
If a user opens the attached file or otherwise activates the worm, three files are added to the Windows directory:
Most antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, F-Secure, McAfee, MessageLabs, Sophos, Symantec, or Trend Micro.