Beware of ‘X'mas’ wishes from Zafi.D

December 14, 2004



NEW DELHI: PandaLabs has detected the appearance of the new Zafi.D worm, which spreads in messages that pass themselves off as Christmas greetings, as well as through P2P (peer-to-peer) file sharing applications.



Panda Software’s international tech support network has already started to receive reports of incidents caused by Zafi.D in a large number of countries. Because of the risk of infection, the company advises users to take precautions with any email messages they receive and to update their anti-virus software.


Zafi.D reaches computers in an email message whose subject is a person’s name selected at random and whose message text is “Happy holidays!” in the language corresponding to the domain of the email address the message is being sent to.


If the user runs this file, which actually contains Zafi.D, a false error message is displayed on screen and the worm sends itself out via email, using its own SMTP engine, to all the addresses it finds in files with certain extensions stored on the affected computer. The worm ends any processes running in memory whose names contain the text “firewall” or “virus”. Similarly, it prevents access to applications whose names contain the text “reged”, “msconfig” or “task”.


What’s more, Zafi.D inserts several entries in the Windows registry to ensure that it is run whenever the computer is started up. To spread via P2P applications, Zafi.D copies itself to all the folders on the C: drive whose path contains the text “share”, “upload” or “music”. The names of these files are “winamp 5.7 new!.exe” or “ICQ 2005a new!.exe”.
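A triage check for the P2P copies described above, as an added example that is not part of the original article or of Panda Software's tooling: it flags the two file names in a recursive file listing and separates hits in "share"/"upload"/"music" folders from the same names found elsewhere. The function names and the sample listing are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Indicators as given in the article text.
FOLDER_KEYWORDS = ("share", "upload", "music")
DROP_NAMES = {"winamp 5.7 new!.exe", "icq 2005a new!.exe"}


def classify(path):
    """Return 'p2p-drop', 'name-only' or None for one Windows file path."""
    p = PureWindowsPath(path)
    if p.name.lower() not in DROP_NAMES:  # Windows names are case-insensitive
        return None
    folder = str(p.parent).lower()
    if any(keyword in folder for keyword in FOLDER_KEYWORDS):
        return "p2p-drop"   # name and folder both match the described behaviour
    return "name-only"      # same file name in another folder: still worth a look


def triage(listing):
    """Map each flagged path in a recursive file listing to its verdict."""
    hits = {}
    for line in listing.splitlines():
        line = line.strip()
        verdict = classify(line) if line else None
        if verdict:
            hits[line] = verdict
    return hits


# Constructed sample listing (one path per line), not real data.
SAMPLE_LISTING = r"""
C:\P2P\My Shared Folder\winamp 5.7 new!.exe
C:\Documents and Settings\anna\My Music\ICQ 2005A NEW!.EXE
C:\Uploads\holiday.jpg
C:\Temp\winamp 5.7 new!.exe
C:\Program Files\Winamp\winamp.exe
"""

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LISTING).items():
        print(f"{verdict:10} {path}")
```
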
