forwardone
06-15-04, 12:35 AM
I received this today from one of the Antivirus/Internet security programs I am with.
Quote:-
Worm.Win32.Zafi.B Alert!
The new internet worm Zafi.B spreads very fast mainly via email attachments, but also via filesharing networks. The message subject and body text differs depending on the domain extension of the receiver's email address. Target email addresses are collected on the local computer and extracted from several files like temporary internet files and email addressbooks.
Infection
Once opened and installed, the worm sets an autorun entry at the system registry. If it is run, the worm spreads itself to all available email addresses. It also runs a module that attempts to flood some Hungarian websites.
The email text is available in many languages. The text advises the user to open the file attachment which seems to be a greating card. Here is an example of the English email:
Subject: You`ve got 1 VoiceMessage!
Body: Dear Customer!
You`ve got 1 VoiceMessage from voicemessage.com website!
Sender:
You can listen your Virtual VoiceMessage at the following link:
Link deleted by me
or by clicking the attached link.
Send VoiceMessage! Try our new virtual VoiceMessage Empire!
Best regards: SNAF.Team (R).
Attachment: link.voicemessage.com.listen.index.php1Ab2c.pif
Zafi.B can be detected and removed with aČ with the latest signature updates loaded. The aČ background guard blocks the worm immediately if it is started.
A more detailed description of the worm can be found at the aČ Malware Database:
http://www.emsisoft.com/en/
Sincerley yours
-----------------------------------------------------------------------------------
Another one to be aware of. :-k
Geoff
Quote:-
Worm.Win32.Zafi.B Alert!
The new internet worm Zafi.B spreads very fast mainly via email attachments, but also via filesharing networks. The message subject and body text differs depending on the domain extension of the receiver's email address. Target email addresses are collected on the local computer and extracted from several files like temporary internet files and email addressbooks.
Infection
Once opened and installed, the worm sets an autorun entry at the system registry. If it is run, the worm spreads itself to all available email addresses. It also runs a module that attempts to flood some Hungarian websites.
The email text is available in many languages. The text advises the user to open the file attachment which seems to be a greating card. Here is an example of the English email:
Subject: You`ve got 1 VoiceMessage!
Body: Dear Customer!
You`ve got 1 VoiceMessage from voicemessage.com website!
Sender:
You can listen your Virtual VoiceMessage at the following link:
Link deleted by me
or by clicking the attached link.
Send VoiceMessage! Try our new virtual VoiceMessage Empire!
Best regards: SNAF.Team (R).
Attachment: link.voicemessage.com.listen.index.php1Ab2c.pif
Zafi.B can be detected and removed with aČ with the latest signature updates loaded. The aČ background guard blocks the worm immediately if it is started.
A more detailed description of the worm can be found at the aČ Malware Database:
http://www.emsisoft.com/en/
Sincerley yours
-----------------------------------------------------------------------------------
Another one to be aware of. :-k
Geoff