Microsoft Outlook May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
|
|
SecurityTracker Alert ID: 1006747 |
|
SecurityTracker URL: http://securitytracker.com/id/1006747
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 13 2003
|
Impact:
Execution of arbitrary code via network, Modification of system information, Modification of user information
|
Exploit Included: Yes
|
|
Description:
Microsoft's PSS Security Response Team issued an alert regarding a new worm referred to as 'W32.Fizzer.A@mm'. According to the report, the worm is a mass-mailing worm that affects Microsoft Outlook [Outlook Express is also affected].
[Editor's note: This is not a vulnerability alert. However, we are issuing an alert because Microsoft has chosen to warn their customers of this.]
The malicious software is distributed via e-mail as an attachment with the .exe, .com, .pif, or .scr file extension. The subject line of the e-mail message may vary significantly. If the target user opens the attachment, the malicious code will execute with the privileges of the target (recipient) user.
The worm can reportedly perform the following actions on the target user's computer:
Copies itself in %windir%
Creates files in %windir%: backdoors and keylogger
Makes additions and modifies the registry
Ends AV services and applications
Goes into wait state for connections from remote systems
Captures keystrokes
Performs mass mailings
According to the vendor, the worm is spreading "in the wild."
|
Impact:
If a target user executes a malicious attachment, the worm's malicious code may be executed. See the Description Section for a list of potential impacts.
|
Solution:
Microsoft reports that Outlook 2000 post SP2 and Outlook XP SP1 include features to block potentially harmful attachment types. These versions will reportedly block the attachment by default. You can check to see if you are running the latest version by loading the following URL:
http://office.microsoft.com/ProductUpdates/default.aspx
Microsoft also reports that Outlook 2000 pre-SR1 and Outlook 98 do not block potentially malicious attachments by default, but you can get the Outlook E-mail Security Update to add this feature. See the following URL for more information:
http://office.microsoft.com/Downloads/2000/Out2ksec.aspx
A list of attachment types that can be blocked by Outlook are available at:
http://support.microsoft.com?kbid=290497
Microsoft plans to issue the following Knowledge Base article regarding the worm, to be available shortly at:
http://support.microsoft.com/?kbid=821159
For the Microsoft advisory, see:
http://www.microsoft.com/technet/security/virus/alerts/fizzer.asp
|
Vendor URL: www.microsoft.com/technet/security/virus/alerts/fizzer.asp (Links to External Site)
|
Cause:
State error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: Microsoft PSS Team Warning about W32.Fizzer.A@mm worm
|
http://www.microsoft.com/technet/security/virus/alerts/fizzer.asp
[Editor's note: This is not a vulnerability alert. However, we are issuing an alert
because Microsoft has chosen to warn their customers of this.]
Microsoft's PSS Security Response Team issued an alert regarding a new worm referred to as
W32.Fizzer.A@mm. According to the report, the worm is a mass-mailing worm that affects
Microsoft Outlook, Microsoft Outlook Express, and related web-based e-mail software. The
worm is apparently spreading "in the wild".
The report lists some of the actions that the worm can take, including:
Copies itself in %windir%
Creates files in %windir%: backdoors and keylogger
Makes additions and modifies the registry
Ends AV services and applications
Goes into wait state for connections from remote systems
Captures keystrokes
Performs mass mailings
The subject line reportedly may vary significantly, but the worm itself is delivered as an
attachment with the .exe, .com, .pif, or .scr file extension.
Microsoft reports that Outlook 2000 post SP2 and Outlook XP SP1 include features to block
potentially harmful attachment types. These versions will reportedly block the attachment
by default. You can check to see if you are running the latest version by loading the
following URL:
http://office.microsoft.com/ProductUpdates/default.aspx
Microsoft also reports that Outlook 2000 pre-SR1 and Outlook 98 do not block potentially
malicious attachments by default, but you can get the Outlook E-mail Security Update to
add this feature. See the following URL for more information:
http://office.microsoft.com/Downloads/2000/Out2ksec.aspx
A list of attachment types that can be blocked by Outlook are available at:
http://support.microsoft.com?kbid=290497
Microsoft also reports that Outlook Express 6 can be configured to block access to
potentially malicious attachments. See the following URL for more information:
http://support.microsoft.com?kbid=291387
If you are using a previous version of Outlook Express, you are out-of-luck, as they do
not contain features to block potentially malicious attachments.
Microsoft plans to issue the following Knowledge Base article regarding the worm, to be
available shortly at:
http://support.microsoft.com/?kbid=821159
-----
SEVERITY: MODERATE
DATE: May 12, 2003
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail
|
|
