#1  Posted 12-14-2004, 11:22 AM by Mobo (Thinking outside the box)
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,574

MessageLabs, the leading provider of managed email security services to businesses worldwide, is warning computer users against the W32/Zafi.D-mm virus, another variant of the Zafi family of viruses. MessageLabs have intercepted over 25,000 copies so far. The first copy was intercepted on 13th December 2004 at 20:34 GMT.

General

W32/Zafi.D-mm is a mass mailing virus that uses its own SMTP engine to spread and harvests email addresses from compromised machines. The virus also attempts to replicate via P2P applications.

The “from:” field of the email is spoofed and the body of the Zafi.D emails may be in English, as well as many other languages. Previously, the original Zafi.A used only Hungarian.

The virus is attached to Christmas greeting messages, and attached as a variety of different filenames and extensions. For example, based on the initial copies intercepted, the following attachments were identified:

Filename
card.php3686.cmd
postcard.php5682.cmd
xmascard.php8238.cmd
wishcard.php5147.pif
giftcard.id7165.cmd
xmascard.php4016.com
card.php8077.cmd
giftcard.id6325.com
giftcard.id3435.cmd
giftcard.php1051.com
link.postcard.christmas.index.htm1712.bat
link.postcard.index.htm6006.cmd
postcard.christmas.index.gif0335.cmd
postcard.christmas.index.gif4451.cmd
postcard.gif0715.cmd
postcard.gif2635.bat
postcard.index.gif6540.cmd
postcard.jpg2157.cmd
postcard.php6184.cmd
wishcard.php5662.com
wishcard.php5762.cmd
wishcard.php7500.cmd
xmascard.id2055.cmd
xmascard.php2544.cmd
xmascard.php8505.cmd

The recipient must manually open the attachment in order for it to be executed, upon which it will attempt to disable any running firewall and antivirus software.

Windows tools, like the Task Manager and the Registry Editor, may also be disabled.

Zafi.D has a remote access component that waits for inbound connections on TCP port 8181. Remote users can then upload and execute files via this backdoor.

Subject lines:

* boldog karacsony...
* Feliz Navidad!
* Fw: boldog karacsony...
* Fw: Joyeux Noel!
* Fw: Merry Christmas!
* Merry Christmas!
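The indicators in the alert above (the attachment naming pattern, the subject lines and the TCP port 8181 backdoor listener) can be turned into simple triage checks. The following is an added example, not MessageLabs' or the poster's code: it generalises the 25 listed filenames into one pattern (word tokens, a decoy extension, four digits, a real executable extension), matches subjects after stripping a forwarding prefix, and flags a port 8181 listener in netstat output. The sample message and netstat lines are constructed for the example.

```python
"""Triage checks for the Zafi.D indicators quoted in the MessageLabs alert.

Added example, not MessageLabs' or the forum poster's code. The patterns are
derived only from the indicators in the post; the sample message and netstat
lines below are constructed for demonstration.
"""
import email
import re
from email import policy

# Subject lines quoted in the alert, compared after stripping "Fw:"/"Re:".
KNOWN_SUBJECTS = {
    "boldog karacsony...",
    "feliz navidad!",
    "joyeux noel!",
    "merry christmas!",
}

# Generalisation of the 25 listed filenames: one or more word tokens, a decoy
# "extension" (php, id, htm, gif, jpg), exactly four digits, then the real
# executable extension (cmd, pif, com, bat). Example: xmascard.php8238.cmd
ATTACHMENT_RE = re.compile(
    r"^(?:[a-z]+\.)+(?:php|id|htm|gif|jpg)\d{4}\.(?:cmd|pif|com|bat)$",
    re.IGNORECASE,
)

FWD_PREFIX_RE = re.compile(r"^(?:fw|fwd|re)\s*:\s*", re.IGNORECASE)

# Windows "netstat -an" line showing a local TCP listener on port 8181.
NETSTAT_8181_RE = re.compile(r"^\s*TCP\s+\S+:8181\s+\S+\s+LISTENING", re.IGNORECASE)


def is_zafi_subject(subject: str) -> bool:
    """True if the subject (minus any forwarding prefix) is one from the alert."""
    cleaned = FWD_PREFIX_RE.sub("", (subject or "").strip()).lower()
    return cleaned in KNOWN_SUBJECTS


def is_zafi_attachment_name(filename: str) -> bool:
    """True if the filename follows the decoy-extension + digits + executable pattern."""
    return bool(ATTACHMENT_RE.match((filename or "").strip()))


def triage_message(raw: str) -> dict:
    """Parse a raw RFC 5322 message and report which indicators it carries."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject_hit = is_zafi_subject(msg.get("Subject", ""))
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and is_zafi_attachment_name(name):
            hits.append(name)
    if hits:
        verdict = "quarantine"      # executable card attachment: block outright
    elif subject_hit:
        verdict = "review"          # lure subject alone: worth a look, not proof
    else:
        verdict = "pass"
    return {"subject_match": subject_hit, "suspicious_attachments": hits, "verdict": verdict}


def find_backdoor_listeners(netstat_lines):
    """Return the netstat lines that show a TCP listener on port 8181."""
    return [ln for ln in netstat_lines if NETSTAT_8181_RE.match(ln)]


# Constructed sample message mimicking the lure described in the alert.
SAMPLE_MESSAGE = """\
From: "Santa" <santa@example.invalid>
To: user@example.invalid
Subject: Fw: Merry Christmas!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Happy Holidays! Open the attached card.
--b1
Content-Type: application/octet-stream; name="xmascard.php8238.cmd"
Content-Disposition: attachment; filename="xmascard.php8238.cmd"
Content-Transfer-Encoding: base64

SGVsbG8=
--b1--
"""

# Constructed "netstat -an" excerpt; only the second line is the backdoor.
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING",
    "  TCP    0.0.0.0:8181           0.0.0.0:0              LISTENING",
    "  TCP    192.168.1.5:1054       10.0.0.2:8181          ESTABLISHED",
]

if __name__ == "__main__":
    print(triage_message(SAMPLE_MESSAGE))
    print(find_backdoor_listeners(SAMPLE_NETSTAT))
```

The attachment regex is deliberately tied to the shapes in the alert; a mail gateway would normally block every executable extension regardless of what precedes it, and the netstat check only confirms the listener, not which process owns it.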