It arrives as an email with the subject line "Happy New Year" and a message body text:
"Hii
I can't describe my feelings
But all i can say is
Happy New Year :)
bye"
Its payload is in its attachment, entitled "Christmas.exe."
According to Computer Associates International, Reeezak spreads upon execution by sending itself to every e-mail address in the infected computer user's Microsoft Outlook address book. The worm also has the ability to disable selective keys on the infected user's computer keyboard and delete all the files found in the Windows System Directory, rendering the computer inoperable. It also sets the victim’s Internet Explorer home page to a Geocities site which contains the message: “Sharoon = a war cirmenal. Bush supports him. So… Bush = a war crimenal (sic).” Visiting the page also triggers JavaScript that attempts to disable the visitor’s anti-virus and firewall products.
There are already reports that the worm began in South Africa and has spread widely in the UK and US. It is said to be a new version of an old virus called “Maladal.”
“Holiday-themed threats, such as Reeezak, remind us that computer users should never let their guard down when using the internet,” said Ian Hameroff of Computer Associates. “Be on the lookout for suspicious messages they may be bearing gifts that you don't want.”