It arrives as an email with the subject line "Happy New Year"
and a message body text:
"Hii
I can't describe my feelings
But all i can say is
Happy New Year :)
bye"
Its payload is in its attachment, entitled "Christmas.exe."
According to Computer Associates International, Reeezak spreads
upon execution by sending itself to every e-mail address in the
infected computer user's Microsoft Outlook address book. The worm
also has the ability to disable selective keys on the infected
user's computer keyboard and delete all the files found in the
Windows System Directory, rendering the computer inoperable. It
also sets the victim’s Internet Explorer home page to a Geocities
site which contains the message: “Sharoon = a war cirmenal. Bush
supports him. So… Bush = a war crimenal (sic).” Visiting the page
also triggers JavaScript that attempts to disable the visitor’s
anti-virus and firewall products.
There are already reports that the worm began in South Africa
and has spread widely in the UK and US. It is said to be a new
version of an old virus called “Maladal.”
“Holiday-themed threats, such as Reeezak, remind us that
computer users should never let their guard down when using the
internet,” said Ian Hameroff of Computer Associates. “Be on the
lookout for suspicious messages they may be bearing gifts
that you don't want.”
