BleepingComputer.com: Zafi.D Worm - Holiday e-Cards (MEDIUM RISK)

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Zafi.D Worm - Holiday e-Cards (MEDIUM RISK) be careful with holiday e-cards

#1 User is offline   harrywaldron 

  • Security Reporter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 509
  • Joined: 10-April 04
  • Gender:Male
  • Location:Roanoke, Virginia

  Posted 14 December 2004 - 08:33 AM

The new "D" variant of the Zafi worm family is an advanced email attack that uses a well-design social engineering approach. It disquises itself as a holiday e-card which might be accidently opened by a lot of folks. McAfee, F-Secure, and other AV vendors have escalated this to MEDIUM RISK.

Zafi.D Worm - Holiday e-Card Risk (MEDIUM RISK)
http://vil.nai.com/vil/content/v_130371.htm

This new variant contains the following characteristics:

* contains its own SMTP engine to construct outgoing messages
* spoofs the From: address
* harvests target email addresses from the victim machine
* outgoing email message body is either in Hungarian or English
* displays p2p worm behaviour
* shuts down security services

Secunia has declared this new threat as MEDIUM RISK
http://secunia.com/virus_information/13874/

This post has been edited by harrywaldron: 14 December 2004 - 12:10 PM

Microsoft Security Journal

#2 User is offline   KoanYorel 

  • Bleepin' Conundrum
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Staff Emeritus
  • Posts: 19,461
  • Joined: 26-April 04
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 14 December 2004 - 04:22 PM

Published: December 14, 2004, 12:26 PM PST
By Matt Hines
Staff Writer, CNET News.com

Quote

Zafi worm purports to be Christmas greeting


A new variant of the so-called Zafi worm surfaced Tuesday, disguised to appear as a Christmas greeting.

Multiple antivirus researchers reported the emergence of the latest iteration of Zafi, classified as W32/Zafi.D. Security software companies including McAfee and MessageLabs issued warnings detailing that the worm is being hidden in e-mails that advertise themselves as holiday greetings.

According to MessageLabs, Zafi.D is already being attached to bulk e-mails using a variety of file names and extensions. By mid-morning Tuesday, the company said, it had intercepted over 25,000 copies of the virus.

..."Most at risk are home users who think that it's a Christmas card from somebody that they know...although it's actually from the virus sending it from a spoofed e-mail address,"...


Complete article
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 User is offline   tos226 

  • BleepIN--BleepOUT
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,423
  • Joined: 21-October 04
  • Gender:Female
  • Location:LocalHost

Posted 16 December 2004 - 09:53 AM

Another variant is: Erkez.D@mm
It can be in any language from sites mostly in Europe.
Description is here:
http://securityresponse.symantec.com/avcen...erkez.d@mm.html
Removal:
http://securityresponse.symantec.com/avcen...moval.tool.html
I got this from Woody's Office Watch newsletter today "Woody's EMAIL Essentials" <wow-robot@woodyswatch.com>

#4 User is offline   harrywaldron 

  • Security Reporter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 509
  • Joined: 10-April 04
  • Gender:Male
  • Location:Roanoke, Virginia

Posted 17 December 2004 - 08:43 PM

Thanks for the good additional sharing :thumbsup:

Actually at Secunia Zafi.D went High Risk :flowers:

The new variants of ATAK also disquise themselves as holiday cards.
Microsoft Security Journal

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users