Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Zafi.D Worm - Holiday e-Cards (MEDIUM RISK)

  • Please log in to reply
3 replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:05:14 AM

Posted 14 December 2004 - 08:33 AM

The new "D" variant of the Zafi worm family is an advanced email attack that uses a well-design social engineering approach. It disquises itself as a holiday e-card which might be accidently opened by a lot of folks. McAfee, F-Secure, and other AV vendors have escalated this to MEDIUM RISK.

Zafi.D Worm - Holiday e-Card Risk (MEDIUM RISK)

This new variant contains the following characteristics:

* contains its own SMTP engine to construct outgoing messages
* spoofs the From: address
* harvests target email addresses from the victim machine
* outgoing email message body is either in Hungarian or English
* displays p2p worm behaviour
* shuts down security services

Secunia has declared this new threat as MEDIUM RISK

Edited by harrywaldron, 14 December 2004 - 12:10 PM.

BC AdBot (Login to Remove)


#2 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:14 AM

Posted 14 December 2004 - 04:22 PM

Published: December 14, 2004, 12:26 PM PST
By Matt Hines
Staff Writer, CNET News.com

Zafi worm purports to be Christmas greeting

A new variant of the so-called Zafi worm surfaced Tuesday, disguised to appear as a Christmas greeting.

Multiple antivirus researchers reported the emergence of the latest iteration of Zafi, classified as W32/Zafi.D. Security software companies including McAfee and MessageLabs issued warnings detailing that the worm is being hidden in e-mails that advertise themselves as holiday greetings.

According to MessageLabs, Zafi.D is already being attached to bulk e-mails using a variety of file names and extensions. By mid-morning Tuesday, the company said, it had intercepted over 25,000 copies of the virus.

..."Most at risk are home users who think that it's a Christmas card from somebody that they know...although it's actually from the virus sending it from a spoofed e-mail address,"...

Complete article
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 tos226



  • Members
  • 1,578 posts
  • Gender:Female
  • Location:LocalHost
  • Local time:04:14 AM

Posted 16 December 2004 - 09:53 AM

Another variant is: Erkez.D@mm
It can be in any language from sites mostly in Europe.
Description is here:
I got this from Woody's Office Watch newsletter today "Woody's EMAIL Essentials" <wow-robot@woodyswatch.com>

#4 harrywaldron


    Security Reporter

  • Topic Starter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:05:14 AM

Posted 17 December 2004 - 08:43 PM

Thanks for the good additional sharing :thumbsup:

Actually at Secunia Zafi.D went High Risk :flowers:

The new variants of ATAK also disquise themselves as holiday cards.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users