Reeezak: Unwanted holiday gift

Wayne Rash | December 20, 2001 12:00 AM PST

Summary

Arriving under the guise of a holiday card, this latest worm has a nastier payload than most. Wayne Rash says the good news is that you can dodge the bullet on this one.

Happy Holidays, and welcome to another round of Yet Another Outlook Worm (we'll coin a new acronym for these: YAOW). If you're still using Outlook after this year's onslaught of attacks, you're probably starting to wonder why. Of course, we know why: either it's free, and your CIO loves free stuff, or your company is using Exchange Server and Outlook is the only e-mail client that, via MAPI, supports mail and group scheduling at the same time.

So here's the deal with this week's YAOW. It's called Reeezak, and despite the fact that it's not as widely spread as some, it's got a nastier payload than most. The good news is that you can dodge the bullet on this one.

Reeezak is a member of the Zacker family of worms. It arrives in e-mail messages with the subject line "Happy new year," containing what appears to be a holiday greeting card. While you're looking at the card, the payload tries to delete the contents of your Windows system directory, modifies your registry so that the worm starts every time you start Windows, and disables most anti-virus and firewall software. In the meantime, it sends copies of itself to every address in your Outlook address book. It also attempts to copy itself to any open shares on your network. Somewhere during this process, your keyboard is disabled.

Once you've looked at the greeting card, your browser is directed to a political Web site which then loads more malicious code on your computer.

If your users get this worm, you will have to repair their registry, reinstall Windows, and remove the files the worm created. Instructions for doing this are on most anti-virus Web sites. I looked at the Symantec site, which also discussed the ability of Norton Antivirus to block the worm.

At least with this worm, you should already be protected (which may explain why it's not spreading very fast). If you've applied the security updates for Outlook 2000 or Outlook 2002, which block executable attachments such as the one Reeezak arrives in, you're protected. In addition, most antivirus vendors had a virus definition posted by December 18 or 19. So if you've been vigilant about keeping your Windows updates current and keeping your antivirus software up to date, you should be fine.

If you haven't been vigilant, now's the time to do something about it--before Reeezak gets to you. Sure, it's a pain to go through Microsoft's almost daily Windows updates, but at least they're available. And with newer versions of Windows such as XP, you can make the process automatic.

Over the longer term, you probably should ask your company to reexamine the decision to use Outlook and/or Exchange Server as a corporate standard. Other corporate e-mail applications, such as Novell's GroupWise and IBM's Lotus Notes, don't have these problems. Likewise, other Internet e-mail products based on standards such as POP3 and IMAP4, such as Qualcomm's Eudora, avoid these problems. You should note that Eudora is also available for free, and that Notes clients, which can do Internet e-mail very nicely, are included free with most IBM computers.

Now, it's true that moving to Notes or GroupWise as a corporate standard will cost some money. But compare that against the money you're spending protecting Outlook, and the liability and risk you're incurring by using a corporate e-mail standard that you know is a target for malicious code. And you can bet that those customers in your users' address books aren't going to be very thrilled about getting a worm of this sort from your company. Maybe now's the time to ask your legal staff if it's worth the risk.

Meanwhile, you know what to do. Update everything, and warn your users not to open attachments, especially one named Christmas.exe (the attachment that carries Reeezak) or, for that matter, any other attachment they aren't already expecting. That way, if you do get Reeezak from someone, maybe you can minimize the damage.
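The two defenses the column relies on, blocking executable attachments the way the Outlook E-mail Security Update does and warning users about the Christmas.exe attachment, can also be enforced at a mail gateway before Outlook ever sees the message. The following is an added example written for this page, not code from the column or from any antivirus vendor: it parses a raw RFC 822 message, lists its attachments, and quarantines any whose final extension is on a block list. The block list is an assumption (a subset of what the Outlook update treats as "Level 1"), and the sample messages are constructed to match the column's description, not real captures. Note the normalization step: Windows ignores trailing dots and spaces in a file name, and a double extension such as card.jpg.exe still runs as an executable, so the check looks only at the last suffix after stripping.

```python
"""Gateway-style attachment filter: flag mail carrying executable attachments.

Added example for this page; not the column's or any vendor's code.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Assumption: a subset of the extensions the Outlook E-mail Security Update
# blocks outright ("Level 1"). Extend to taste; the check is extension-only.
BLOCKED_EXTENSIONS = {
    ".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".cpl", ".lnk", ".reg",
}


def normalize_name(filename: str) -> str:
    """Lower-case and drop trailing dots/spaces, which Windows silently ignores."""
    return filename.strip().rstrip(". ").lower()


def is_blocked(filename: str) -> bool:
    """True if the file's final extension is on the block list.

    Only the last suffix matters: 'card.jpg.exe' is an executable, and
    'Christmas.exe.' becomes 'christmas.exe' after normalization.
    """
    _, ext = os.path.splitext(normalize_name(filename))
    return ext in BLOCKED_EXTENSIONS


def attachment_names(msg) -> list:
    """Collect the file names of every non-container part that carries one."""
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            names.append(filename)
    return names


def scan_message(raw: bytes) -> dict:
    """Parse a raw message and decide whether to quarantine it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = attachment_names(msg)
    blocked = [name for name in names if is_blocked(name)]
    return {
        "subject": str(msg["Subject"]),
        "attachments": names,
        "blocked": blocked,
        "quarantine": bool(blocked),
    }


def build_sample_worm_mail() -> bytes:
    """Constructed message shaped like the column's description of Reeezak.

    The attachment body is a few placeholder bytes, not the worm.
    """
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Happy new year"
    msg.set_content("Here is a holiday card for you.")
    msg.add_attachment(
        b"MZ" + b"\x00" * 62,  # constructed placeholder, not real PE content
        maintype="application",
        subtype="octet-stream",
        filename="Christmas.exe",
    )
    return msg.as_bytes()


def build_sample_benign_mail() -> bytes:
    """Constructed message with a harmless image attachment for comparison."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Happy new year"
    msg.set_content("Here is a holiday card for you.")
    msg.add_attachment(
        b"\xff\xd8\xff\xe0" + b"\x00" * 60,  # constructed placeholder bytes
        maintype="image",
        subtype="jpeg",
        filename="card.jpg",
    )
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample_worm_mail(), build_sample_benign_mail()):
        print(scan_message(raw))
```

Running the block prints one verdict per constructed message: the first, carrying Christmas.exe, is quarantined; the second, carrying card.jpg, passes. In production you would hook `scan_message` into whatever your gateway offers (a milter, a content filter, a transport rule) and treat a `quarantine` verdict as a reason to hold the message rather than deliver it.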
