Reeezak is yet another mass-mailing worm spreading through Microsoft Outlook address books and MSN Messenger. Unlike some other recent viruses, which didn’t cause too much damage, this worm poses a major threat. However, the worm can’t cause any damage unless people open the e-mail and the attachment propagated by this virus. But since this is the holiday season, the fake holiday greeting may trick a number of people into opening the attachment. Anyone who does open this worm risks having their computer completely disabled.
The Reeezak worm, also known asW32.Reeezak.A@mm, W32.Zacker.C@mm, and W32.Maldal.C@mm, was first reported Wednesday afternoon, December 19, 2001. The message that carries the Reeezak worm looks like the following:
Subject: Happy New year
I can't describe my feelings
But all i can say is
Happy New Year :)
According to an early Newsbytes report, one of the things that the Christmas.exe script does is to modify Internet Explorer to point to a malicious Web site on Yahoo's Geocities community homepage service. Geocities is a free Web page hosting site, and it’s simple to create a Web page anonymously on Geocities.
In addition to deleting antivirus programs and sending the attacked computer’s IE browser to a Web site containing more malicious code, Reeezak also disables some keyboard keys and, according to a Reuters report carried on CNET, attempts to delete files in the Windows System directory, which could completely disable the computer.
Computer Associates rates this a medium- to high-risk worm, Trend Micro rates it as a medium risk, ZDNet rates it as a 6 out of 10 on the Virus Meter, and Symantec says it already has wide distribution and poses a moderate threat.
As usual, I should point out that opening unexpected attachments is never a good idea and could help avoid this virus altogether. Many organizations have antivirus software that automatically blocks .exe files, so these companies should not be affected by this worm.
Have you been hit by the Reeezak worm?
We look forward to getting your input and hearing your experiences regarding this topic. Click here to post a comment or a question about this article.