WORM_PIZZER.A

WORM_PIZZER.A is a worm that inserts copies of itself into various accessible archive files, even including password-protected ones, by abusing a baseline WinRAR feature. PCs that open these archive files will become infected with WORM_PIZZER.A and continue the cycle, as per typical worm propagation strategies. Other information on WORM_PIZZER.A's capabilities remain under investigation, although SpywareRemove.com malware experts often find similar PC threats being used as part of a set of targeted attacks against various government or point-of-sale business infrastructures. To be certain of deleting all copies of WORM_PIZZER.A along with any other PC threats that may be related to its presence, you should use anti-malware scanners that are capable of analyzing archive files along with all other files on your hard drive.

WORM_PIZZER.A: Adding a Piece of Itself to Your Other Files as It Pleases

WORM_PIZZER.A, like all worms, handles its own distribution efficiently, although WORM_PIZZER.A also has been seen being installed by other PC threats, such as the fellow worm WORM_SWYSINN.SM. What caught the eyes of the workers at Trend Micro, not to mention those of SpywareRemove.com own malware analysts, was WORM_PIZZER.A's ability to circumvent even the standard password protection features offered by programs like WinRAR and WinZip. By exploiting a default command line option in the former archiving program, WORM_PIZZER.A creates a copy of itself that's placed inside even a password-protected ZIP or RAR file.

Unfortunately, an analysis of WORM_PIZZER.A's payload is not available at this time, but SpywareRemove.com malware researchers can verify that WORM_PIZZER.A doesn't attempt to compromise the passwords of the archived files WORM_PIZZER.A infects. The purpose of infecting these files appears to be limited to distributing WORM_PIZZER.A to other computers after they're used to open the archive. Worms like WORM_PIZZER.A also often employ secondary distribution methods (such as e-mail spambot attacks) that exploit the infected PC's resources without showing any symptoms.

Playing Pied Piper to Lead WORM_PIZZER.A Out of Your Archives

PCs without WinRAR installed may very well be immune to WORM_PIZZER.A's primary method of copying itself, but that isn't necessarily indicative of safety from WORM_PIZZER.A's other attacks, or from attacks by PC threats that are associated with your WORM_PIZZER.A infection. Since worms like WORM_PIZZER.A often include many backup copies of themselves that are concealed in what often turn out to be difficult-to-ascertain locations, SpywareRemove.com malware experts generally discourage trying to find and remove WORM_PIZZER.A by hand.

Despite these caveats, anti-malware products with sufficiently exhaustive scanning features should be able to find and delete WORM_PIZZER.A, including copies that are hidden in any archive files on your computer. You also should take particular care to scan removable devices and network-accessible locations, which are some of the favorite infection vectors of worms just like WORM_PIZZER.A. Removing WORM_PIZZER.A should not, under any circumstances, harm any archive files that were infected with WORM_PIZZER.A.

Technical Details