BleepingComputer.com > Zafi.b - MEDIUM RISK (aka Erkez.B)

Full Version: Zafi.b - MEDIUM RISK (aka Erkez.B)

BleepingComputer.com > Security > AntiVirus, Firewall and Privacy Products and Protection Methods

harrywaldron

Jun 14 2004, 07:39 AM

This new highly polymorphic worm has just been escalated to Medium Risk. It has the capability of generating the text in multiple languages which contributes to it's effectiveness in spreading. Avoid all email attachments ending with EXE, COM, and PIF (which we should always do). This new worm is network aware and can spread on a Peer-to-peer basis to open file shares on PCs and Servers.

Zafi.b - MEDIUM RISK, aka Erkez.B
http://secunia.com/virus_information/9988/
http://www3.ca.com/securityadvisor/virusin...s.aspx?id=39333
http://vil.nai.com/vil/content/v_126242.htm
http://www.sarc.com/avcenter/venc/data/w32.erkez.b@mm.html
http://times.hankooki.com/lpage/tech/20040...20092511800.htm

This is a mass-mailing worm that constructs messages using its own SMTP engine, spoofing the From: address. It also attempts to propagate via P2P, via copying itself to folders on the local system (containing 'share' or 'upload' in the folder name).

EMAIL Format to block or avoid

From: The "From:" field of the email is spoofed.
Subject: <Blank>
Attachment: <random file name with .com, .exe, or .pif as extension>
Message: <random and different languages>

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.