Zafi.b - MEDIUM RISK, aka Erkez.B
This is a mass-mailing worm that constructs messages using its own SMTP engine, spoofing the From: address. It also attempts to propagate via P2P, via copying itself to folders on the local system (containing 'share' or 'upload' in the folder name).
EMAIL Format to block or avoid
From: The "From:" field of the email is spoofed.
Attachment: <random file name with .com, .exe, or .pif as extension>
Message: <random and different languages>
Edited by harrywaldron, 14 June 2004 - 07:40 AM.