June 02, 2003, 9:37 AM — Trend Micro Inc. has reported that computer virus activity picked up in May, rebounding from the low level recorded in April, the year's quietest month, so far.
The Fizzer worm, discovered May 13, spreads through aggressive emailing techniques and also through the Kazaa P2P file sharing network. Like many other recent 'mixed threats,' it contains backdoor features designed to steal data - in this case a keylogger. It also logs on to IRC (Internet Relay Chat) channels, presumably to allow communication with the writer/hacker.
Several observers have noted that the Fizzer worm is hindered by bugs or sloppy writing in several places, warning that it could easily have been more effective if the writer had 'polished' it further.
Running slightly behind Fizzer, the Sobig.B worm is best known for faking a Microsoft Corp. email address and pretending to be a message from the software company's tech support desk.
The deception is fairly simple, but it's enough to fool some users into opening the attachment without wondering why Microsoft is sending them a file for no apparent reason.
Sobig.B has another unusual feature - a line in its code will apparently prevent it from spreading after May 31. Infected users will still need to find and remove the worm's components.