The latest variant in the Zafi worm family has hit the Wild, disguising
itself as a Christmas greeting.
Zafi-D, which was discovered Monday, Dec. 13, has received a medium
threat risk assessment from Panda Software, an anti-virus company with
U.S. headquarters in Glendale, Calif.
”Despite its disguise, Zafi-D isn’t much of a Christmas present,” warns
Graham Cluley, senior technology consultant for Sophos, Inc., an
anti-virus and anti-spam company based in Lynnfield, Mass. ”Users who
open the attached file will trigger the virus into action, infecting
their PC and potentially opening it up to hacker attack.
”Heartless hackers and virus writers can attack at any time of year, and
every computer user should be on the lookout for unusual emails and be
wary of ever opening any unsolicited file they are sent via email,” adds
Sophos reports that Zafi-D, which is believed to have been written in
Hungary, spreads an attached file inside emails offering seasonal
greetings to the recipient. The emails can use a variety of different
languages, including English, French, Spanish and Hungarian.
The email messages include: ”FW: Merry Christmas”, ”Happy HollyDays!”
and ”Feliz Navidad!”. Embedded inside the email is a crude animated GIF
graphic of two smiley faces. The ‘From’ field of the email is spoofed.
Analysts from MessageLabs, Inc., a managed email security company based
in New York, reports that Zafi-D is a mass mailing virus that uses its
own SMTP engine to spread and harvests email addresses from compromised
machines. The virus also attempts to replicate via P2P applications.
The recipient must manually open the attachment in order for it to be
executed, upon which it will attempt to disable any running firewall and
antivirus software, according to MessageLabs. Windows tools, like Task
Manager and the Registry Editor, also may be disabled.
Zafi.D has a remote access component that waits for inbound connections
on TCP port 8181. Remote users can then upload and execute files via this
Sophos’ Cluley advises IT managers to warn users to be suspicious about
”Having a business environment where it’s seen to be acceptable to send
and receive joke programs, screensavers, and electronic greetings cards
increases the risk of virus infection at any time, but can prove
particularly risky during the holiday season,” Cluley says. ”When your
computer data is at risk, it may be wiser to avoid electronic
well-wishing, and use paper and ink instead.”