PSS Moderate Security Alert - New Worm: W32.Fizzer.A@mm 
Author Message
 PSS Moderate Security Alert - New Worm: W32.Fizzer.A@mm

DATE: May 12, 2003
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail



Services Security Team is issuing this alert to advise customers to be on
the alert for this worm as it spreads in the wild.  Customers are advised to
review the information and take the appropriate action for their

IMPACT OF ATTACK: Mass-mailing, Termination of Antivirus Programs, Key
Logger and Backdoor Placement


to Peer file sharing applications.  The below outlines, but is not limited
to, actions that the worm takes:
. Copies itself in %windir%
. Creates files in %windir%: backdoors and keylogger
. Makes additions and modifies the registry
. Ends AV services and applications
. Goes into wait state for connections from remote systems
. Captures keystrokes
. Performs mass mailings

While the subject line and body of the message vary substantially the
payload for the worm is delivered as an attachment with one of the following
four file extensions: .exe, .com, .pif, .scr.  Customers are advised take
precautions when opening e-mail messages that have attachments of those

For further details on this worm please contact your preferred anti-virus

1) Block harmful attachments types at your Internet mail gateways

2) Ensure the following prevention steps are taken:

Outlook 2000 post SP2 and Outlook XP SP1 include the most recent updates to
improve the security in Outlook and other Microsoft Office programs. This
includes the functionality to block potentially harmful attachment types. If
you are running either of these versions, they will (by default) block the
attachment, and you will be unable to open it.

To ensure you are using the latest version of Office click here:


By default, Outlook 2000 pre-SR1 and Outlook 98 did not include this
functionality, but it can be obtained by installing the Outlook E-mail
Security Update. More information about the Outlook E-mail Security Update
can be found here:


To find out what attachment types are blocked by Outlook please see this
Microsoft Knowledgebase Article:
http://www.*-*-*.com/ ;en-us;Q290497

Outlook Express 6 can be configured to block access to potentially-damaging
attachments. Information about how to configure this can be found here:

http://www.*-*-*.com/ ;en-us;Q291387

Outlook Express all other versions: Previous versions of Outlook Express do
not contain attachment-blocking functionality. Please use extreme caution
when you open unsolicited e-mail messages with attachments.

Web-based e-mail programs: Use of an application-level firewall can protect
you from being infected with this virus through Web-based e-mail programs.

If your computer has been infected with this virus, please contact Microsoft
Product Support Services or your preferred antivirus vendor for assistance
with removing it.

TechNet Article:

This article will be available within 24 hours.

As always please make sure to use the latest Anti-Virus detection from your
Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your Microsoft
representative or 1-866-727-2338 (1-866-PCSafety) within the US, outside of
the US please contact your local Microsoft Subsidiary.  Support for virus
related issues can also be obtained from the Microsoft Virus Support
Newsgroup which can be located by clicking on the following link

PSS Security Response Team


Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure!

This posting is provided "AS IS" with no warranties, and confers no rights.

Sat, 29 Oct 2005 07:52:57 GMT  
 [ 1 post ] 

 Relevant Pages 

1. PSS Security Alert - W32/Palyh@MM

2. Product Support Services - Moderate Security Alert - Virus: W32.Myparty@mm

3. Premier - Product Support Services - Moderate Security Alert - Virus: Gigger/JS.Gigger.A@mm

4. Product Support Services - Moderate Security Alert - Virus Alert: Klez-E

5. PSS Security Alert - JS/Exploit-Messenger

6. W32.sircam.worm@mm

7. W32.Nimda.A@mm and W32.Nimda.enc

8. just recieved a new virus W32/Bugbear@MM Virus Found

9. Worm virus: W32/opaserv.worm.f

10. W32 Opaserv.worm a/k/a Opasoft.A Worm

11. I-Worm.Fizzer infection

12. New Security Alert from Microsoft


Powered by phpBB® Forum Software