Reeezak Worm Offers Holiday Jeers

A new mass-mailer worm that offers New Year's greetings and what appears to be a Christmas-related animation, but actually tries to delete large portions of the Windows operating system, is reported spreading in Europe.

The worm, called Reeezak, appears in in-boxes with the subject line "Happy New Year" and a message that reads "Hii I can't describe my feelings But all i can say is Happy New Year :-) bye," according to Ian Hameroff, business manager for security solutions at Computer Associates International. An attachment called "Christmas.exe" accompanies the e-mail and appears to be a Macromedia Flash animation, Hameroff said.

When a recipient double-clicks the attachment file, the worm sends itself to all addresses listed in the user's address book and also tries to delete all the files in the Windows directory, as well as disabling some keys on the keyboard, he said. The worm spreads only through Microsoft Outlook or Outlook Express e-mail clients, according to Hameroff. However, it can delete files on any Windows system.

Though the worm has only shown up in Europe so far, it was first reported on Wednesday and is likely to spread into the United States as the business day continues, Hameroff said.

Mixed Reception

Other antivirus companies report different effects from double-clicking on Reeezak, however. Symantec, in a virus alert posted on its Web site, says that the worm also tries to spread using the Internet Relay Chat application or through shared folders. Symantec also reports that the worm attempts to delete antivirus programs.

To avoid infection, users are cautioned not to open unexpected attachments, and companies should block many e-mail attachments, including .exe files. Users should also check with their antivirus vendor for updated virus protection.

In fact, another antivirus vendor has issued a warning that e-mailed Christmas greetings can be the perfect disguise for a virus or other malicious code.

"Despite their innocent appearance, these messages should always be treated with great caution as they provide the ideal camouflage for computer viruses," Panda Software suggests in a statement. Panda cites the Win32/SKA worm, better known as Happy 99, which is a virus in the guise of a New Year's greeting. The virus has circulated for nearly three years and continues to spread. Similar culprits are the W32/Navidad.B and VBS/HappyTime, which tend to spread further throughout the holiday season.