May 13, 2003

Information Security Advisory

A new Internet worm was discovered yesterday. This is a copy or paraphrase from the Symantec Antivirus team:

W32.HLLW.Fizzer@mm is a mass-mailing worm that sends itself to all contacts in the Windows Address Book. It contains a backdoor that uses mIRC to communicate with a remote attacker. It also contains a keylogger and attempts to spread through the KaZaA file-sharing network. The worm attempts to terminate the processes of various antivirus programs if they are found to be active.

Due to the number of submissions received from customers, Symantec Security Response is upgrading this threat from a Category 2 to a Category 3 threat.

NOTE: Virus definitions dated 5/9/2003 were posted as LiveUpdate definitions on 5/12/2003 in response to the upgrade.

Symantec Security Response has created a tool to remove W32.HLLW.Fizzer@mm, available at http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer.removal.tool.html

Attention: Follow the directions on that page. If you want to be really secure, you can also verify the authenticity of the Symantec removal tool by following the additional directions available on that page.

Also Known As: W32/Fizzer@MM [McAfee], Win32.Fizzer [CA], W32/Fizzer-A [Sophos], WORM_FIZZER.A [Trend], Fizzer [F-Secure], Win32/Fizzer.A@mm [RAV], I-Worm.Fizzer [KAV]
Type: Worm
Infection Length: 241,664 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux

Workingarts recommends that you be particularly careful with email in the next few days, as you may receive file attachments of the types commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files, sent to help propagate this worm. Be sure to update your virus signatures database.