Reeezak worm offers holiday jeers

A new mass-mailer worm that offers New Year’s greetings and what appears to be a Christmas-related animation, but actually attempts to delete large portions of the Windows operating system, is spreading according to Computer Associates International Inc.

The worm, called Reeezak, appears in inboxes with the subject line “Hi,” and a message that reads “I can’t describe my feelings, but all I can say is Happy New Year 🙂 Bye,” according to Ian Hameroff, business manager for security solutions at CA.

An attachment called “Christmas.exe” accompanies the e-mail and appears to be a Macromedia Inc. Flash animation, Hameroff said. When the attachment is double-clicked, the worm sends itself to all addresses listed in the user’s address book and also tries to delete all the files in the Windows directory as well as disabling some keys on the keyboard, he said.

The worm only affects users of Microsoft Corp.’s Outlook or Outlook Express e-mail clients, according to Hameroff.

Though the worm has only shown up in Europe so far, as the business day begins in the United States and Canada, copies of it will likely begin to appear in corporate mailboxes, Hameroff said.

Other anti-virus companies report different effects from double-clicking on Reeezak, however. Symantec Corp., in a virus alert posted on its Web site, says that the worm also tries to spread using the mIRC (Internet Relay Chat) application or through shared folders. Symantec also reports that the worm attempts to delete anti-virus programs.

To avoid infection, users are cautioned not to open unexpected attachments and companies should block many e-mail attachments, including .exe files. Users should also check with their anti-virus vendor for updated virus protection.

Computer Associates, based in Islandia, N.Y is at Symantec Corp., based in Cupertino, Calif., is at