The Fizzer Worm is a Curious Yellow-like worm. It infects Windows systems through a variety of paths, takes control of them, coordinates subsequent infection attempts using an IRC channel. It gets code-updates from a Geocities webpage, so that it can mutate to avoid anti-virus software.
A coalition of IRC operators who've banded together to fight the worm have hijacked the Geocities webpage that Fizzer uses to update itself and they've posted a poison-pill to it. The next time the worm checks for its update, it will download a set of instructions that tell it to uninstall itself.
This is eerily akin to the deus-ex climaxes to movies like Independence Day, in which a semi-autonomous, broad-reaching hunk of malware is tricked into self-destructing.
Just a quick note to say that we (we as in Fizzer Task Force/IRC Unity)
now control the update page, and have posted a mirror of the
http://www.debugoutput.com/fizzer.php site on the geocities website that
fizzer uses to update itself.We have also postted a fizzer cleaner to the actual URL that the bot
downloads its updates from, as a self extracting and running executable.
We're crossing our fingers that the bots are looking for an executable
to update themselves…
