Weekly Virus Report – Fizzer Worm and Lovgate Variants
This week’s virus report looks at Trifor (Trj/Trifor), the dangerous Fizzer worm (W32/Fizzer), and the I, J, K, L and M variants of the Lovgate worm.
Trifor is a Trojan with no damaging effects that spreads via the Internet. To do this, it exploits the iFrame vulnerability in versions 5.01 and 5.5 of Internet Explorer.
The most visible symptom of infection by this Trojan is that it changes the home page of Internet Explorer to the web page that contains the virus code.
Fizzer is a new dangerous worm that not only spreads rapidly but can also act as a backdoor Trojan, allowing a hacker remote access to resources on the victim’s computer.
It captures the keystrokes entered in the affected computer and saves them in a text file. If hackers obtained this file, they would be able to access the confidential information belonging to the user of the affected computer, such as passwords for accessing Internet services, bank accounts, etc. It also ends certain process active in memory associated with antivirus programs.
This worm mainly spreads via e-mail. It sends a copy of itself to all the contacts it finds in the Outlook and Windows Address Books. Fizzer also spreads through the P2P (peer-to-peer) file sharing program KaZaA.
Due to the amount of incidents being caused by Fizzer -which reached second place in the list of viruses most frequently detected by Panda ActiveScan-, Panda Software has made its PQREMOVE application available to all users to repair any possible damage caused by the worm. This utility can be downloaded free of charge by anyone who needs it from Panda Software.
Finally, the I, J, K, L and M variants of the Lovgate worm spread via e-mail (replying to messages in the Outlook inbox) and shared network drives.
They all create copies of themselves and are similar to backdoor Trojans, as they open a communication port and try to locate network administrator passwords.
Differences between the variants are slight and are mainly down to file size or the ability to infect executable files as is the case with Lovgate.J.