Skip to comments.
Zafi Worm Hides Behind Christmas Cheer (Don't Click!)
yahoo.com ^
| Tue Dec 14, 2004
| Paul Roberts
Posted on 12/14/2004 8:06:53 PM PST by crushelits
A new version of the Zafi e-mail worm is spreading Christmas wishes along with its malicious code, according to antivirus software companies
Zafi.D is a mass-mailing worm that arrives in a.zip file attached to e-mail messages with the subject "Merry Christmas." Instead of a gift, however, the e-mail package delivers worm code that infects Microsoft Windows systems on which it is opened. Leading antivirus companies, including McAfee, Sophos, and Computer Associates issued warnings about the new worm and updated antivirus signatures to stop the new threat.
In addition to the Christmas well wishes in the subject line, Zafi-generated e-mails contain the message "Happy Hollydays" and are signed "Jaime."
CA researchers collected almost 100 samples of Zafi.D since spotting the new worm variant early Tuesday, says Stefana Ribaudo, manager of the company's eTrust Security Management division. At McAfee, around 50 samples of the worm were collected, mostly from Europe, says Vincent Gullotto, vice president of McAfee's Anti-Virus Emergency Response Team.
Both companies rated Zafi.D a "medium" threat, indicating that a number of samples have been spotted, and that the worm has a destructive payload.
Like most other mass-mailing e-mail worms, Zafi.D modifies the configuration of Windows machines, shutting down other security software and harvesting e-mail addresses from files on the infected computer. After it harvests e-mail addresses, Zafi uses a built-in SMTP (Simple Mail Transfer Protocol) to send e-mail to those addresses with copies of the worm code, antivirus companies say.
Don't Click!
The worm has had more luck spreading than earlier Zafi variants, possibly because of its well-timed and appealing subject line and message, which are good examples of what antivirus researchers call "social engineering"--subtle tricks used to gain victims' confidence, Ribaudo says.
However, the increase in reports could be due to an initial spam distribution of the worm. The similarity of Zafi.D to its predecessors--and to other mass mailing worms--means that it's likely that few examples of the new worm are actually getting through to e-mail inboxes, Gullotto says.
Antivirus experts advise e-mail users to update their antivirus software to obtain the latest virus definitions for Zafi.D and to use extreme caution when handling unexpected e-mail attachments.
TOPICS: News/Current Events
KEYWORDS: behind; cheer; christmas; hides; worm; zafi
To: crushelits
2
posted on
12/14/2004 8:25:03 PM PST
by
upchuck
(This tag line shutdown for it's "30,000 messages posted" check up.)
To: potlatch; devolve; PhilDragoo
3
posted on
12/14/2004 11:50:07 PM PST
by
ntnychik
(Proud member of the Bush-wazee)
To: crushelits; All
Help for viruses and malware:
-SWI Forums-
4
posted on
12/15/2004 12:08:45 AM PST
by
backhoe
(Just an old Keyboard Cowboy, ridin' the Trackball into the Dawn of Information...)
To: backhoe
“Spy Sweeper is the most effective standalone tool for detecting, removing and blocking spyware.”
To: crushelits
That's a good one, too. Now we just need to bring back public flogging of the worms who write and propagate malware.
6
posted on
12/15/2004 8:15:35 AM PST
by
backhoe
(-30-)
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson
I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try.