This story was printed from ZDNet Australia.
Fizzer worm: Why you should be worried

By Robert Vamosi
May 20, 2003
URL: http://www.zdnet.com.au/news/security/soa/Fizzer-worm-Why-you-should-be-worried/0,130061744,120274662,00.htm

COMMENTARY--After nearly a year without a new computer virus, the Fizzer worm burst onto the Internet on Monday, infecting Windows systems worldwide. Like 1999's Melissa and 2000's ILOVEYOU viruses, which paralysed corporate e-mail servers, Fizzer (aka w32.fizzer@mm) spreads via e-mail. But because many corporations and home users have become relatively immune to email-borne viruses, Fizzer also spreads via Kazaa, a popular file-sharing network.

Thus far, Fizzer remains well behind the year-old Klez worm in terms of overall infections during the last month, according to antivirus company MessageLabs. Yet Fizzer is a very real threat. It aggressively opens your computer to remote access and has already brought several IRC networks to their knees. It also lays the groundwork for a possible large-scale Internet-based attack in the future. Though IRC administrators have come up with a way to contain Fizzer, I see this as only a temporary reprieve. Fizzer and other worms like it will find a way to survive.

Fizzer is not the first worm to use Kazaa; last year's Duload and Benjamin did too. Like these other viruses, Fizzer disguises itself as a music or video file within the file-sharing network. If you have the Kazaa application installed on your computer, and happen to download an infected file, your system is likely to become infected.

Once infected with Fizzer, your computer becomes riddled with security holes that allow others on the Internet to gain access to your personal data. One of these exploits, a Trojan horse, allows malicious users to save all of your keystrokes--possibly capturing your passwords and/or credit card numbers--and then broadcast that information to others on the Net.

Like the recent Deloder worm, Fizzer also attempts to connect to IRC networks from your PC. Last week the virus created so many new IRC connections that it threatened to overwhelm several IRC networks. One such network, which normally sees 100 to 200 connections at a time, suddenly found itself with more than 1,000 virus-infested computers connected to its server.

IRC administrators are fighting back. Last week a group of them created the Fizzer Task Force. Knowing that Fizzer automatically updates itself via Geocities servers, the Task Force found those servers and changed the update code. Now when a Fizzer-infected PC contacts the servers, the code that's supposed to update the worm uninstalls it instead.

This, of course, opens up a debate over whether the Task Force should be running code on other people's machines without their knowledge. I, for one, think it's wrong. Whatever your opinion on the matter, the technique is not foolproof. Virus authors need only encrypt their update code to avoid this type of meddling.

What differentiates Fizzer from other viruses is how aggressively it tries to open your computer to the outside world. Fizzer creates its own remote console on an open TCP port to listen for outside communications. It contains an HTTP server, which displays information about the infected computer--such as its system time, OS version, and usernames/passwords for IRC and AOL IM--to outsiders (namely the virus writer or other malicious users). And Fizzer doesn't just bring Trojan horses to your computer, it also provides a means for outsiders to install other Trojans on your PC without your knowledge.

Though it hasn't happened yet, I believe a worm like Fizzer might eventually be used to carry out a large distributed denial-of-service attack. By infecting Windows computers worldwide, and maintaining active communications with those machines, the virus writer or other malicious users could in a short amount of time enlist those machines in a more damaging viral assault.

While good firewall software is an excellent defence against this type of activity, recent worms like Fizzer have attempted to shut down antivirus apps (some of which come bundled with firewalls). The sure way to protect your system, of course, is to update your antivirus signature files to block Fizzer before it becomes active on your desktop. If you don't yet have antivirus protection, what's stopping you?

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.