
by: STOIL (registered)

A new variant of the Zafi family disguises itself as a convincing Christmas greeting
14 December 2004

W32/Zafi.D@mm started spreading on 14 December 2004 in e-mail messages containing holiday greetings in several different languages. Due to the considerable distribution this worm has gained in a short period of time, W32/Zafi.D@mm has been classified as high risk. W32/Zafi.D@mm was quickly detected by FRISK Software virus analysts, and virus signature files providing protection against this threat were released soon thereafter.

This new member of the Zafi family of mass-mailers uses its own SMTP engine to send itself to e-mail addresses harvested from the Windows Address Books of infected computers. W32/Zafi.D@mm tries to avoid detection by excluding e-mail addresses belonging to web administrators, antivirus companies and large Internet companies such as Google and Yahoo.

The worm itself is contained in attachments with the following endings:

.bat .zip .pif .cmd .com

The language of the holiday greeting contained in e-mails carrying W32/Zafi.D@mm depends on the domains of the e-mail addresses to which the worm sends itself. W32/Zafi.D@mm sends itself in the appropriate language to the following country-specific domains:

.pl .no .fi .pt .cz .hu .fr .it .lt .sp .mx .ro .de .nl .se .at .es .ru .dk

The following is the English-language text of e-mails carrying W32/Zafi.D@mm:

Sender: Pamela M.
Subject: Merry Christmas!
Happy HollyDays!
:) [Sender]

Threat Detection
The latest versions of F-Prot Antivirus detect W32/Zafi.D@mm using virus signature files dated 14 December 2004 or later.
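
The indicators listed above (attachment endings, subject line and greeting text) can be checked at a mail gateway before delivery. The following is an added example, not part of the original advisory or any FRISK Software tooling; the function names, the quarantine policy and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the advisory text above.
ZAFI_D_EXTENSIONS = (".bat", ".zip", ".pif", ".cmd", ".com")
ZAFI_D_SUBJECT = "merry christmas!"
ZAFI_D_BODY_MARKER = "happy hollydays!"


def score_message(raw):
    """Return which advisory indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {"subject": False, "body": False, "attachments": []}
    subject = str(msg["Subject"] or "").strip().lower()
    hits["subject"] = subject == ZAFI_D_SUBJECT
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Windows ignores trailing dots and spaces, so strip them
            # before comparing the extension case-insensitively.
            if name.lower().rstrip(". ").endswith(ZAFI_D_EXTENSIONS):
                hits["attachments"].append(name)
        elif part.get_content_type() == "text/plain":
            if ZAFI_D_BODY_MARKER in part.get_content().lower():
                hits["body"] = True
    return hits


def should_quarantine(raw):
    """Hypothetical policy: listed attachment ending plus one text indicator."""
    hits = score_message(raw)
    return bool(hits["attachments"]) and (hits["subject"] or hits["body"])


def build_sample(subject, body, filename=None):
    """Build a constructed test message (sample data, not a captured e-mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return bytes(msg)
```

Because `.zip` attachments are common in legitimate mail, the policy requires a text indicator in addition to the attachment ending; greetings in the other languages the advisory mentions would need their own markers.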

Visitor comments (1):
Big_idolss003 (anonymous) 18.02.05 11:18:28
I have something similar, how do I get rid of it, people, help me please. Mine is W32.Mota.B@mm, how do I remove it and what exactly is it for???
