SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Microsoft Outlook Vendors:   Microsoft
Microsoft Outlook May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
SecurityTracker Alert ID:  1006747
SecurityTracker URL:  http://securitytracker.com/id/1006747
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 13 2003
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information
Exploit Included:  Yes  

Description:   Microsoft's PSS Security Response Team issued an alert regarding a new worm referred to as 'W32.Fizzer.A@mm'. According to the report, the worm is a mass-mailing worm that affects Microsoft Outlook [Outlook Express is also affected].

[Editor's note: This is not a vulnerability alert. However, we are issuing an alert because Microsoft has chosen to warn their customers of this.]

The malicious software is distributed via e-mail as an attachment with the .exe, .com, .pif, or .scr file extension. The subject line of the e-mail message may vary significantly. If the target user opens the attachment, the malicious code will execute with the privileges of the target (recipient) user.

The worm can reportedly perform the following actions on the target user's computer:

Copies itself in %windir%
Creates files in %windir%: backdoors and keylogger
Makes additions and modifies the registry
Ends AV services and applications
Goes into wait state for connections from remote systems
Captures keystrokes
Performs mass mailings

According to the vendor, the worm is spreading "in the wild."

Impact:   If a target user executes a malicious attachment, the worm's malicious code may be executed. See the Description Section for a list of potential impacts.
Solution:   Microsoft reports that Outlook 2000 post SP2 and Outlook XP SP1 include features to block potentially harmful attachment types. These versions will reportedly block the attachment by default. You can check to see if you are running the latest version by loading the following URL:

http://office.microsoft.com/ProductUpdates/default.aspx

Microsoft also reports that Outlook 2000 pre-SR1 and Outlook 98 do not block potentially malicious attachments by default, but you can get the Outlook E-mail Security Update to add this feature. See the following URL for more information:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

A list of attachment types that can be blocked by Outlook are available at:

http://support.microsoft.com?kbid=290497

Microsoft plans to issue the following Knowledge Base article regarding the worm, to be available shortly at:

http://support.microsoft.com/?kbid=821159

For the Microsoft advisory, see:

http://www.microsoft.com/technet/security/virus/alerts/fizzer.asp

Vendor URL:  www.microsoft.com/technet/security/virus/alerts/fizzer.asp (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Microsoft PSS Team Warning about W32.Fizzer.A@mm worm


http://www.microsoft.com/technet/security/virus/alerts/fizzer.asp

[Editor's note:  This is not a vulnerability alert.  However, we are issuing an alert 
because Microsoft has chosen to warn their customers of this.]

Microsoft's PSS Security Response Team issued an alert regarding a new worm referred to as 
W32.Fizzer.A@mm.  According to the report, the worm is a mass-mailing worm that affects 
Microsoft Outlook, Microsoft Outlook Express, and related web-based e-mail software.  The 
worm is apparently spreading "in the wild".

The report lists some of the actions that the worm can take, including:

Copies itself in %windir%
Creates files in %windir%: backdoors and keylogger
Makes additions and modifies the registry
Ends AV services and applications
Goes into wait state for connections from remote systems
Captures keystrokes
Performs mass mailings

The subject line reportedly may vary significantly, but the worm itself is delivered as an 
attachment with the .exe, .com, .pif, or .scr file extension.

Microsoft reports that Outlook 2000 post SP2 and Outlook XP SP1 include features to block 
potentially harmful attachment types. These versions will reportedly block the attachment 
by default.  You can check to see if you are running the latest version by loading the 
following URL:

http://office.microsoft.com/ProductUpdates/default.aspx

Microsoft also reports that Outlook 2000 pre-SR1 and Outlook 98 do not block potentially 
malicious attachments by default, but you can get the Outlook E-mail Security Update to 
add this feature.  See the following URL for more information:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

A list of attachment types that can be blocked by Outlook are available at:

http://support.microsoft.com?kbid=290497

Microsoft also reports that Outlook Express 6 can be configured to block access to 
potentially malicious attachments.   See the following URL for more information:

http://support.microsoft.com?kbid=291387

If you are using a previous version of Outlook Express, you are out-of-luck, as they do 
not contain features to block potentially malicious attachments.

Microsoft plans to issue the following Knowledge Base article regarding the worm, to be 
available shortly at:

http://support.microsoft.com/?kbid=821159


-----

SEVERITY: MODERATE

DATE: May 12, 2003

PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC