Fizzer computer worm: bubbling but buggy

May 15, 2003 Sophos Press Release

The W32/Fizzer-A worm, which can spread via email, file-sharing networks and internet relay chat, has been found by Sophos researchers to contain a bug which has reduced its chances of spreading even more widely.

The worm drops a number of files onto infected user's hard drives and makes changes to the Windows Registry in order that the files are run when the computer is restarted. However, sometimes these dropped files do not work correctly and cause the infected computer to crash.

"Even the least technical people will realise that something is wrong with their computer if it crashes upon startup," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "In this way the Fizzer worm is its own worst enemy - a more successful virus would keep quiet about the fact that it has infected you in order to give it more chance to spread."

Despite the bug in the worm's code Sophos has received many reports of companies battling Fizzer and advises all businesses to ensure their anti-virus protection is kept updated. Sophos Anti-Virus is even capable of detecting the non-viable buggy files which are dropped by the worm.

"Companies who do not have procedures in place for rapid updates should implement them now because they are sure to need them again," continued Cluley. "Viruses like Fizzer quickly bubble to the surface and can be a significant nuisance."

Sophos recommends customers consider implementing automatic updates via its Enterprise Manager product.