Monday, June 14, 2021

New Zafi-D Worm Spreads Christmas Fear

The latest variant in the Zafi worm family has hit the Wild, disguising

itself as a Christmas greeting.

Zafi-D, which was discovered Monday, Dec. 13, has received a medium

threat risk assessment from Panda Software, an anti-virus company with

U.S. headquarters in Glendale, Calif.

”Despite its disguise, Zafi-D isn’t much of a Christmas present,” warns

Graham Cluley, senior technology consultant for Sophos, Inc., an

anti-virus and anti-spam company based in Lynnfield, Mass. ”Users who

open the attached file will trigger the virus into action, infecting

their PC and potentially opening it up to hacker attack.

”Heartless hackers and virus writers can attack at any time of year, and

every computer user should be on the lookout for unusual emails and be

wary of ever opening any unsolicited file they are sent via email,” adds


Sophos reports that Zafi-D, which is believed to have been written in

Hungary, spreads an attached file inside emails offering seasonal

greetings to the recipient. The emails can use a variety of different

languages, including English, French, Spanish and Hungarian.

The email messages include: ”FW: Merry Christmas”, ”Happy HollyDays!”

and ”Feliz Navidad!”. Embedded inside the email is a crude animated GIF

graphic of two smiley faces. The ‘From’ field of the email is spoofed.

Analysts from MessageLabs, Inc., a managed email security company based

in New York, reports that Zafi-D is a mass mailing virus that uses its

own SMTP engine to spread and harvests email addresses from compromised

machines. The virus also attempts to replicate via P2P applications.

The recipient must manually open the attachment in order for it to be

executed, upon which it will attempt to disable any running firewall and

antivirus software, according to MessageLabs. Windows tools, like Task

Manager and the Registry Editor, also may be disabled.

Zafi.D has a remote access component that waits for inbound connections

on TCP port 8181. Remote users can then upload and execute files via this


Sophos’ Cluley advises IT managers to warn users to be suspicious about

email greetings.

”Having a business environment where it’s seen to be acceptable to send

and receive joke programs, screensavers, and electronic greetings cards

increases the risk of virus infection at any time, but can prove

particularly risky during the holiday season,” Cluley says. ”When your

computer data is at risk, it may be wiser to avoid electronic

well-wishing, and use paper and ink instead.”

Similar articles

Latest Articles

Top Data Visualization Tools...

The amount of data generated and consumed by organizations is growing at an astounding rate. The total volume of data and information worldwide has...

The Data Capture Market

Data capture is the process of collecting, ingesting, or otherwise acquiring structured and unstructured data and either converting it into a data format usable...

NVIDIA and the Move...

NVIDIA recently held a Q&A with its visionary CEO Jensen Huang.   While the Q&A this week focused on NVIDIA’s announcements at Computex, his opening and...

Acquia Updates Open Digital...

BOSTON – Acquia’s Drupal-based customer experience (CX) platform is looking different to enterprise users. Acquia made updates last quarter across its three-part Open Digital Experience...