Fizzer Worm Sparks Concern About Remote Security Risks

Computerworld - Last week's Fizzer worm appears to have had little impact on corporate networks, according to IT managers and analysts. But the malicious code and spyware that such viruses leave behind on unprotected systems could prove to be a long-term headache for companies, they said.

Fizzer represents an emerging class of worms that try to circumvent increasingly sophisticated corporate defenses in a variety of ways. The worm was contained in executable attachments embedded in e-mail messages with innocuous-sounding subject headers.

In general, companies that keep their antivirus software up to date and have policies for filtering executable attachments would have been protected against Fizzer, said Russ Cooper, an analyst at TruSecure Corp. in Reston, Va.

Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa., said IT and security managers who haven't yet taken such basic defense measures are simply being "derelict in their duty."

But workers who dial into corporate networks from their homes and other remote locations may not have full-blown defenses available to them and are therefore more vulnerable to having their PCs infected by such viruses, said Michael Allgeier, data security officer at the Lower Colorado River Authority in Austin, Texas.

That could prove dangerous because of the payload carried by worms like Fizzer. According to F-Secure Corp., a Helsinki, Finland-based antivirus software vendor, Fizzer contains a built-in Internet Relay Chat back door, a denial-of-service attack tool, a keystroke-logging Trojan, an HTTP server and other components.

Such capabilities could allow hackers to remotely control compromised machines and steal data from them or mine them for passwords, analysts said. And connecting a compromised system to a corporate network might let hackers burrow past other defenses.

"I think the biggest security threat today is remote users," said David Krauthamer, director of information systems at Advanced Fibre Communications Inc. in Petaluma, Calif. "It's becoming easier to gain an access foothold to a corporate network."

"We don't have any control over remote workstations or home PCs or kiosks or wherever it is that people access our networks from," Allgeier said. "We can't really rely on personal firewalls and antivirus software to detect Trojans and keystroke-loggers."

The Lower Colorado River Authority has begun to roll out software developed by Austin-based WholeSecurity Inc. that scans individual desktop PCs for malicious code. Allgeier said it's looking to deploy the tool for remote users as well.

Facts About Fizzer The worm spreads via e-mail and the Kazaa P2P file-sharing network. It contains a back door, a denial-of-service tool and a keystroke-logging Trojan. It generates e-mail subject headers that are completely random.