Zafi-D is nothing to smile about, as mass-mailing virus spreads
Christmas fear rather than cheer
[Image: The Zafi-D worm can embed an animated image of two "smileys" into its malicious emails.]
Anti-virus experts at Sophos have detected a new in-the-wild
email worm which is spreading via email disguised as a Christmas
greeting.
The W32/Zafi-D
worm, which is believed to have been written in Hungary, spreads an
attached file inside emails offering seasonal greetings to the
recipient. The emails can use a variety of different languages
including English, French, Spanish and Hungarian.
Emails can contain messages such as "FW: Merry Christmas", "Joyeux
Noel!" and "Feliz Navidad!". Embedded inside the email is a crude
animated GIF graphic of two "smiley" faces.
If the attached viral file is launched, the Zafi-D worm displays
an error message ("CRC: 04F6Bh Error in packed file!") in an
attempt to fool the user into thinking it was simply a program that
failed to work properly, rather than a disguise for virus
infection.
[Image: A typical message sent by the W32/Zafi-D worm]
"Despite its disguise, Zafi-D isn't much of a Christmas present.
Users who open the attached file will trigger the virus into
action, infecting their PC and potentially opening it up to hacker
attack," said Graham
Cluley, senior technology consultant for Sophos. "Heartless
hackers and virus writers can attack at any time of year, and every
computer user should be on the lookout for unusual emails and be
wary of ever opening any unsolicited file they are sent via
email."
Sophos advises companies to be as suspicious during the holiday
season as they would be at any other time of the year.
"Having a business environment where it's seen to be acceptable
to send and receive joke programs, screensavers, and electronic
greetings cards increases the risk of virus infection at any time -
but can prove particularly risky during the holiday season,"
continued Cluley. "When your computer data is at risk it may be
wiser to avoid electronic wellwishing, and use paper and ink
instead."
Sophos recommends companies protect their email gateways with a
consolidated solution to thwart virus
and spam threats, and secure their desktops and servers with
automatically updated anti-virus protection.
Other versions of the Zafi worm have successfully spread in the
wild:
W32/Zafi-C
Attacked the website of the newly appointed Hungarian Prime
Minister.
W32/Zafi-B
Calls for the introduction of the death penalty in Hungary.
W32/Zafi-A
Displays a message calling for Hungarian patriotism, timed to
coincide with the country joining the European Union.