homealone
15-12-2004, 14:06
A new virus, Zafi-D, has been detected - one of the subject lines used is 'FW-Merry Christmas'
Zafi-D harvests email addresses from compromised machines and uses its own SMTP engine to spread. It also attempts to spread through P2P networks. It attempts to terminate firewall and anti-virus apps on infected machines. Several Windows tools, like Task Manager and Registry Editor, are disabled when the worm is active. Even worse, Zafi-D has also a back door that listens on port 8181. Crackers can upload and execute files using this backdoor, which turns infected machines into zombies.
Anti-virus firm MessageLabs has blocked over 25,000 copies of Zafi-D. The multilingual nature of Zafi-D (the original Zafi used only Hungarian text) helps to explain its relative success in spreading. Most anti-virus firms rate Zafi-D as a medium to high risk threat
- be careful out there people :)
Zafi-D harvests email addresses from compromised machines and uses its own SMTP engine to spread. It also attempts to spread through P2P networks. It attempts to terminate firewall and anti-virus apps on infected machines. Several Windows tools, like Task Manager and Registry Editor, are disabled when the worm is active. Even worse, Zafi-D has also a back door that listens on port 8181. Crackers can upload and execute files using this backdoor, which turns infected machines into zombies.
Anti-virus firm MessageLabs has blocked over 25,000 copies of Zafi-D. The multilingual nature of Zafi-D (the original Zafi used only Hungarian text) helps to explain its relative success in spreading. Most anti-virus firms rate Zafi-D as a medium to high risk threat
- be careful out there people :)