от: STOIL (регистриран)
A new variant of the Zafi family disguises itself as a convincing Christmas greeting
14 December 2004
W32/Zafi.D@mm started spreading on 14 December 2004 in e-mail messages containing holiday greetings in several different languages. Due to the considerable distribution this worm has gained in a short period of time W32/Zafi.D@mm has been classified as high risk. W32/Zafi.D@mm was quickly detected by FRISK Software virus analysts and virus signature files providing protection against this threat were released soon thereafter.
This new member of the Zafi family of mass-mailers uses its own SMTP engine to send itself to e-mail addresses harvested from the Windows Address Books of infected computers. W32/Zafi.D@mm tries to avoid detection by excluding e-mail addresses belonging to web administrators, antivirus companies and large Internet companies such as Google and Yahoo.
The worm itself is contained in attachments with the following endings:
.bat .zip .pif .cmd .com
The language of the holiday greeting contained in e-mails carrying W32/Zafi.D@mm depends on the domains of the e-mail addresses to which the worm sends itself. W32/Zafi.D@mm sends itself in the appropriate language to the following country specific domains:
.pl .no .fi .pt .cz .hu .fr .it .lt .sp .mx .ro .de .nl .se .at .es .ru .dk
Following is the English language text of e-mails carrying W32/Zafi.D@mm:
Sender: Pamela M.
Subject: Merry Christmas!
The latest versions of F-Prot Antivirus detect W32/Zafi.D@mm using virus signature files dated 14 December 2004 or later.
| Мнения от посетители (1):|
| Big_idolss003 (анонимен)||18.02.05 11:18:28|
|imam neshto podobno kak da se otarva we xora help me please.Moito e W32.Mota.B@mm-kak da go raskaram i za kakvo e to4no ???|
Anonymous comments are temporary disabled
||Copyright: ShakeIT IRC; dev: dzver; des: metala. Read blogs.