Fizzer is still making the rounds

May 13, 2003 Sophos Press Release

The email-aware worm, W32/Fizzer-A, first seen late last week, seems to be picking up pace. Until today, Sophos had received only a handful of reports, but the numbers are now rising. Sophos customers who have kept their anti-virus software up-to-date are protected against all known threats, including this worm.

The email arrives with a subject line selected randomly from a list. The attachment is an infected executable with either a single or double extension. The worm spreads by emailing itself to contacts in the Microsoft Outlook and Windows address books and to random email addresses at popular domains such as,, and others.

W32/Fizzer-A has IRC backdoor Trojan functionality. This means that if it manages to infect a computer system, it will attempt to connect to a remote IRC server and run continuously in the background. This allows hackers to gain remote access and control over the computer via the open IRC channel. Blocking IRC connections at the firewall can ensure that external communication via IRC is impossible.

"The Fizzer worm can severely affect company confidentiality and credibility, so it is vital that businesses ensure that they are protected," explained Carole Theriault, anti-virus consultant at Sophos. "By updating virus protection automatically and by stopping executable attachments from even gaining access through their email gateway, companies stand the best chance of remaining untouched by such virus attacks."
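As an added illustration (not Sophos code and not part of the press release), the following sketches a gateway-style check for the single- and double-extension executable attachments described above. The extension blocklist, the function names and the sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist: the press release does not name the extensions the worm uses.
EXECUTABLE_EXTS = {"exe", "com", "pif", "scr", "bat", "cmd"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    parts = [p.strip() for p in name.strip().rstrip(". ").lower().split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    # "notes.txt.pif": a short token before the real extension acts as a decoy.
    if len(parts) >= 3 and 1 <= len(parts[-2]) <= 4 and parts[-2].isalnum():
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """Parse a raw message and list (filename, verdict) for attachments to block."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() decodes RFC 2231 / RFC 2047 encoded names under this policy.
        name = part.get_filename()
        verdict = classify_filename(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings

def build_sample():
    """Constructed sample message with harmless placeholder attachment bodies."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ("notes.txt.pif", "setup.exe", "invoice.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"BLOCK {fname}: {verdict}")
```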

Sophos Anti-Virus incorporates a range of reporting and management tools to support network administrators. The Enterprise Manager suite of software allows automatic installation, update and download of Sophos Anti-Virus from the internet. The MailMonitor suite of software checks all email traffic passing through your company, providing an extra layer of protection against mass mailing viruses. Threat reduction technology in MailMonitor for SMTP lets users reduce their exposure to virus threats even further by blocking potential carriers at the gateway.