VIRUS ALERT---"Reeezak" Worm---Info on detection, prevention, removal
December 192001

W32.Reeezak.A@mm is a mass-mailing worm that uses Microsoft Outlook and MSN Messenger. Other names it is known as: W32/Keyluc@MM, W32/Maldal.c@MM, W32/Zacker@MM. Infected messages will have the following characteristics:

Subject: Hii    or    Happy New Year

Body: I can't describe my feelings But all i can say is Happy New Year :) bye

Attachment: Christmas.exe    (attachment icon has a Macromedia-Flash style icon)

In addition, the worm modifies the Internet Explorer start page to a malicious homepage. This webpage uses an Internet Explorer exploit to create a VBScript file on the system which then spreads itself via network shares and mIRC. The script file also attempts to delete common antivirus products.

We are NOT currently filtering for this virus. On the user-level, most email software has filtering capabilities that individuals can set to catch and remove suspicious messages. Customers should enable filtering features in their own software to catch anything that slips through our filters. Filtering on message content, as well as headers is a feasible option for individuals. Also, be sure you have updated anti-virus protection. See below for links to the Symantec and McAffee sites that can aid in the detection, prevention, and removal of this virus.

McAffee:

• Virus Information Library—http://vil.nai.com/VIL/default.asp
• Reeezak—http://vil.mcafee.com/dispVirus.asp?virus_k=99285&
• Anti-virus software—http://www.mcafeeb2b.com/products/desktop-protection.asp

Symantec:

• Security Response main page—http://securityresponse.symantec.com/
• Reeezak—http://securityresponse.symantec.com/avcenter/venc/data/w32.reeezak.a@mm.html
• Norton Anti-virus software: http://www.symantec.com