FRISK Software International

News from FRISK Software International > Security Alert > W32/Zafi.D@mm

A new variant of the Zafi family disguises itself as a convincing Christmas greeting

14 December 2004

W32/Zafi.D@mm started spreading on 14 December 2004 in e-mail messages containing holiday greetings in several different languages. Due to the considerable distribution this worm has gained in a short period of time W32/Zafi.D@mm has been classified as high risk. W32/Zafi.D@mm was quickly detected by FRISK Software virus analysts and virus signature files providing protection against this threat were released soon thereafter.

This new member of the Zafi family of mass-mailers uses its own SMTP engine to send itself to e-mail addresses harvested from the Windows Address Books of infected computers. W32/Zafi.D@mm tries to avoid detection by excluding e-mail addresses belonging to web administrators, antivirus companies and large Internet companies such as Google and Yahoo.

The worm itself is contained in attachments with the following endings:

.bat .zip .pif .cmd .com

The language of the holiday greeting contained in e-mails carrying W32/Zafi.D@mm depends on the domains of the e-mail addresses to which the worm sends itself. W32/Zafi.D@mm sends itself in the appropriate language to the following country specific domains:

.pl .no .fi .pt .cz .hu .fr .it .lt .sp .mx .ro .de .nl .se .at .es .ru .dk

Following is the English language text of e-mails carrying W32/Zafi.D@mm:

Sender: Pamela M.
Subject: Merry Christmas!
Happy HollyDays!
:) [Sender]

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Zafi.D@mm using virus signature files dated 14 December 2004 or later.

FRISK Software International is a leading developer of anti virus software and anti spam filtering services. FRISK Software International's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware. The company also offers F-PROT AVES, the anti spam and anti virus filtering service.

 
News
10 January 2012
F-PROT Antivirus for Windows Achieves a VB100 Award
F-PROT Antivirus achieves a VB100 award in the November 2011 issue of Virus Bulletin

RSS News Feeds
Virus news and information directly to your desktop.
more...


agoat@klaki.net argentina@f-prot.com argentina@frisk.is argentina@complex.is argentina@f-prot.is argentina@frisk-software.com argentina@f-prot.net argentina@f-prot.co.uk brazil@f-prot.com brazil@frisk.is brazil@complex.is brazil@f-prot.is brazil@frisk-software.com brazil@f-prot.net brazil@f-prot.co.uk malta@f-prot.com malta@frisk.is malta@complex.is malta@f-prot.is malta@frisk-software.com malta@f-prot.net malta@f-prot.co.uk a.bjani@f-prot.com a.bjani@frisk.is a.bjani@complex.is a.bjani@f-prot.is a.bjani@f-prot.co.uk a.bjani@frisk-software.com a.bjani@f-prot.net z.fifl@f-prot.com z.fifl@frisk.is z.fifl@complex.is z.fifl@f-prot.is z.fifl@f-prot.co.uk z.fifl@frisk-software.com z.fifl@f-prot.net strumpuri@complex.is strumpure@complex.is strumpuru@complex.is