May 14, 2003, 8:20 AM — Almost a week after it first appeared on the Internet, the Fizzer worm appears to be losing momentum, but experts disagree on whether or not the new computer virus has peaked.
Fizzer was first detected late last week and spread slowly at first, according to a statement by antivirus company Sophos PLC.
However, Monday saw a surge of incidents of the virus on the Internet, with most antivirus companies upgrading their rating of the virus from a low profile threat to a moderate or high threat.
On Monday, for example, F-Secure Corp. of Helsinki raised the alert on Fizzer to its highest level, saying it was one of the most widespread viruses currently in circulation. Symantec Corp.'s Security Response likewise upgraded its rating of Fizzer to a level 3 threat on a scale of one to five, citing 146 customer submissions of the virus including 26 from corporations, according to a statement from the Cupertino, California, company.
On Tuesday, most antivirus companies maintained their threat rating on Fizzer, but there is disagreement on whether the virus is continuing to rapidly proliferate, as it did on Monday.
"We saw in increase in the number of infections sharply over the course of (Monday) but (Fizzer) didn't spread widely and appears to have died out," said Chris Belthoff, senior product manager at Sophos.
A similar drop off was seen by other leading antivirus companies, as well. New submissions of Fizzer on Tuesday to AVERT (Anti-Virus Emergency Response Team), part of Network Associates Inc., were down 60 percent from the same time on Monday, according to a Network Associates spokeswoman.
But e-mail security company MessageLabs Ltd. of Gloucester, U.K., reported an increase in the number of infections on Tuesday to 60,000 from 22,000 on Monday, according to Mark Sunner, chief technical officer of MessageLabs.
"Fizzer started as a slow burner, but now it's really gathering momentum," Sunner said.
Some of the confusion over the fate of Fizzer could be due to the different vantage point of the security companies.
Like other e-mail worms, the Fizzer virus hides in executable attachments to e-mail messages with enticing subject lines that are generated at random from lists maintained by the worm.
The worm spreads by locating the Microsoft Corp. Outlook and Windows address books and using the records stored there to send copies of itself out to those addresses, Sophos said.
While antivirus companies measure outbreaks by the number of virus submissions from their customer base, managed service companies such as MessageLabs measure them by the number of messages containing viruses that are intercepted on the way to their customers' networks.