Feeds

Polyglot virus is Xmas party pooper

Zafi-D turns PCs into zombies

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

An email worm which poses as a Christmas greeting began spreading widely yesterday. Zafi-D comes as an infectious attachment to emails written in a variety of different languages, including English, Spanish, Russian, Swedish and Hungarian. Anti-virus firms believe the worm was created in Hungary.

Typically infected emails have subject lines such as 'FW: Merry Christmas', 'Happy HollyDays!' and 'Feliz Navidad!'. Embedded inside each email is a crude animated GIF graphic of two 'smiley' faces. The attachment name is made up of the word "postcard" in the respective language, random numbers and the extension .pif, .cmd, .bat, or .com. Windows users who open the attached file get infected.

Zafi-D harvests email addresses from compromised machines and uses its own SMTP engine to spread. It also attempts to spread through P2P networks. It attempts to terminate firewall and anti-virus apps on infected machines. Several Windows tools, like Task Manager and Registry Editor, are disabled when the worm is active. Even worse, Zafi-D has also a back door that listens on port 8181. Crackers can upload and execute files using this backdoor, which turns infected machines into zombies.

Anti-virus firm MessageLabs has blocked over 25,000 copies of Zafi-D. The multilingual nature of Zafi-D (the original Zafi used only Hungarian text) helps to explain its relative success in spreading. Most anti-virus firms rate Zafi-D as a medium to high risk threat.

Standard defensive precautions apply: avoid opening unsolicited attachments, even when they appear to come from people you trust; update AV tools to detect the worm. If you think your PCs might be infected by Zafi or another virus then our guide to cleaning up PCs may come in handy. ®

Related stories

Zafi-b speaks in many tongues
Virus 'talks' to victims
Slack users blamed for virus longevity
The strange death of the mass mailing virus

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.