Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fizzer Worm Uninstalling Itself

Posted by CowboyNeal on from the sigh-of-relief dept.

boredMDer writes "According to a recent update on the Dshield.org mailing list, apparently the Fizzer Task Force has gained control of the Geocities webpage from which Fizzer updates itself. From an IRC-Security mailing list: 'We have also postted a Fizzer cleaner to the actual URL that the bot downloads its updates from, as a self extracting and running executable.' The Fizzer-uninstaller posted there creates the file '%WinDir%\uninstall.pky', which then causes Fizzer to remove all of its registry keys. Looks like the Fizzer worm will soon come to an end."

35 of 434 comments (clear)

  1. In other News... by lukew · · Score: 5, Funny

    The fizzer worm information minister soon after came forth to announce that the site had in fact not been taken over, and that the fizzer worm was more fertile then ever.

  2. Interesting by eumenides · · Score: 1, Funny

    It looks like the fizzer worm
    just fizzled out
    ha ha ha ha
    (i'm so lame)

  3. *Sigh* by cperciva · · Score: 5, Funny

    When will people learn that if you're going to download program updates, you should use public-key cryptography to sign the updates?

    If you're going to write a worm, do it right.

    --
    Tarsnap: Online backups for the truly paranoid
    1. Re:*Sigh* by will_die · · Score: 5, Funny

      You just go the simple route, include an EULA saying that doing this is against the DCMA.
      Then sue.

  4. outrageous by circletimessquare · · Score: 5, Funny

    as a compassionate human being i find this outrageous

    to use the innate homing behavior of a wild natural creature like this virus against it...

    to warp it's natural instincts to find home into the means by which it kills itself displays a craven lack of respect for computer worm/ virus entities

    do not these strange and wonderful beings deserve our respect and encouragement? is there no natural sanctuary of a subnet on which these beautiful beings can live out their imperative to reproduce? unburdened by the ill wishes of mankind?

    is there no compassion on the internet?

    outrageous

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  5. Re:Huh? by scalis · · Score: 5, Funny

    Im SURE this must violate the Fizzer EULA somehow, in fact FizzerCorp has set their legal department to work on this right now!

    --

    True ravers don't need drugs
  6. Re:Hacked into Geocities? by 42forty-two42 · · Score: 4, Funny
    Next time try doing a little research (like asking in the IRC channel) before posting.
    You're new here, aren't you?
  7. the worm has proved itself to be a new lifeform by andy666 · · Score: 4, Funny

    so i think it is morally wrong to kill them all. who are we to decide which new e-species lives and which dies ?

    (see star trek for more on this topic....)

  8. Somound needs to be more creative... by Anonymous Coward · · Score: 5, Funny

    I mean seriously, this article just SCREAMED for a title like Fizzer Fizzels Out, or something like that. I don't blame Slashdot, I blame DShield.org for their lack of insight to use good reporting techniques such as headlining...

  9. Re:Full Text of Article by Malfourmed · · Score: 2, Funny
    we now control the update page, and have posted a mirror on the geocities website that fizzer uses to update itself.
    All your pages are belong to us.
    --
    a world in progress...
  10. Good thing Symantec.... by caffeinex36 · · Score: 5, Funny

    ...didn't get a hold of the Geocities page...Otherwise there would be 120398123 people un-happy with a "free-trial" of Norton AV on thier desktop right now.

    -Rob

  11. Great! by varjag · · Score: 2, Funny

    While they are at it, could they also made worm install some simple firewall and anti-viral software at user's marchines?

    --
    Lisp is the Tengwar of programming languages.
  12. Well... by High+Hat · · Score: 2, Funny

    ... what about doing this to Windows Update?

  13. Re:Huh? by Ed+Avis · · Score: 4, Funny

    It would have been smarter for the worm to verify a signature on the code it downloads (a la Xbox) so it couldn't be disabled in this way. Trusting a particular Geocities URL is just silly.

    --
    -- Ed Avis ed@membled.com
  14. Re:wtf? by Smallpond · · Score: 4, Funny


    Fizzer uninstaller:

    format c:

    I don't see any adverse effects.

  15. Re:Ansivirus companies' advice by andkaha · · Score: 2, Funny
    Unfortunately, this won't work on XP (which has no DOS box), so you're forced to use notepad or something which will append .txt to the end of any file, and then you have to go into explorer and rename it, hope to god that the user won't get scared by the "if you change the file extention, this file name not be usuable anymore" warning, and so on.

    Just name it "Uninstall.pky" (including the double quotes) in Notepad.

    I never thought that I would give a Windows tip... shudder...

    --
    It's 11pm, do you know what your deamons are up to?
  16. Just walk without a rhythm... by sopuli · · Score: 4, Funny

    Because, if you walk without a rhythm, you won't attract the worm.

  17. Re:Huh? by Anonymous Coward · · Score: 2, Funny

    As you state, it was done without lace from any mall. I believe it was also done without mallets, mallards, malaprops, and mallrats.

  18. Re:Huh? by WPIDalamar · · Score: 5, Funny


    Viruses should put EULA's on them! I mean how many times do you see them posted to bugtraq, or disected and discussed. This is a clear violation of the copyright the author has on the code!

    Of course, I'd love to see that author try to sue someone over it.

    Cracker: He stole my virus.
    Judge: I award you $1000 in damages, and 20 years in jail.

  19. Don't worry... by new+death+barbie · · Score: 2, Funny

    ...they'll get another chance on the duplicate posting...

    --

    It's supposed to be completely automatic, but actually you have to press this button.

  20. So... by angst7 · · Score: 1, Funny

    I guess you could say the whole thing just sort of ... fizzled.

    *cough*

    ---
    Jedimom.com, choo choo choosing you.

    --
    StrategyTalk.com, PC Game Forums
  21. Hey, unfair! by Black+Parrot · · Score: 2, Funny


    > The Fizzer-uninstaller posted there creates the file '%WinDir%\uninstall.pky', which then causes Fizzer to remove all of its registry keys.

    Why didn't they provide a UNIX version, too?

    --
    Sheesh, evil *and* a jerk. -- Jade
  22. Great idea! Next let's... by MongooseCN · · Score: 3, Funny

    Next let's take over the MS Update site and put REAL patches on there. Then when the client updates his system, he won't be installing more holes.

    --


    Outdoor digital photography, mostly in New Engl
  23. No more fizzer by aztektum · · Score: 2, Funny

    until the Pfizer worm comes around and then we're all in for a hard time

    i got nothin' this morning

    --
    :: aztek ::
    No sig for you!!
  24. Re:Helpfully by spanky1 · · Score: 2, Funny

    You know, the source for that phrase is from a popular book.

    Harry Potter?

  25. Re:wtf? by Doug+Neal · · Score: 3, Funny

    In the words of genius cartoonist Gary Larson,

    "Yes, yes, I know that, Sydney ... Everybody knows that! ... But look: Four wrongs squared, minus two wrongs to the fourth power, divided by this formula, do make a right."

  26. Well, finally... by Lane.exe · · Score: 2, Funny

    Someone thought of something useful to do with the MS Update code.

    --
    IAALS.
  27. Re:Huh? by nocomment · · Score: 4, Funny

    FizzerCorp is too busy to sue. They are trying to prepare their defense to say that in fact fizzer does _NOT_ contain SCO code.

    --
    /* oops I accidentally made a comment, sorry */
    /* http://allyourbasearebelongto.us */
  28. Re:Huh? by facelessnumber · · Score: 5, Funny

    Oh, that's a great idea! How about a flashing red popup window, that says "Your computer may have a VIRUS! Punch the monkey to remove it!"

    ...Would you click it?

  29. Re:Huh? by Tuna_Shooter · · Score: 2, Funny

    I'm just wondering why someone doesnt release a "Fizzer" - "Code-Red" type of worm that will actually FIX some of Redmond's holes..... seems kinda logical dont ya think ???

    --
    *--- Sometimes a majority only means that all the fools are on the same side. ---*
  30. But won't Micro$oft get upset when... by linuxwrangler · · Score: 4, Funny

    their update site converts all those machines to Linux?

    --

    ~~~~~~~
    "You are not remembered for doing what is expected of you." - Atul Chitnis
  31. Re:Huh? by apdt · · Score: 4, Funny


    Hmmm... yes, it seems as though this is opening a can of worms...


    Sorry, I couldn't resist it.

    --
    I lay awake last night wondering where the sun had gone, then it dawned on me.
  32. Re:Seems similar to RIAA requests... by MillionthMonkey · · Score: 2, Funny

    Wow. Is this what it takes to get any sort of response from Geocities?

    I set up a Geocities page in 1997. After they were bought by Yahoo, my password stopped working and I haven't been able to delete the page in years- which sucks because it's embarrassing to have a page with the digging man GIF in 2003. Geocities is unresponsive. I guess the solution is to release a worm that checks to see if the page is still there!

    Does anybody have a copy of Fizzer? I have to edit one of its resource strings and post that baby on KaZaa.

  33. Re:Huh? by dhaines · · Score: 2, Funny

    How do you feel?
    Glad that I drink bottled water.

  34. Right idea, wrong URL. by AnotherBlackHat · · Score: 4, Funny

    They should have taken over this one ;)

    -- this is not a .sig