Christmas worm speaks in many tongues

A new worm with a Christmas message has been detected as it began spreading around the world this afternoon.

Zafi D, originally designed by Hungarian programmers, arrives with the subject line 'Happy Christmas'. However, the mutant version of the infection has become multilingual, appearing in English, Italian, Spanish, Russian, Swedish and several other languages.

Once the .pif, .cmd, .bat, .com or .zip file attachment is opened the worm copies itself to the Windows System Directory with a random .dll name and 'Norton Update.exe'. The .exe file is added to the registry key.

Zafi D then harvests email addresses and sends itself on to entries in the host address book. But in a stealthy move, email addresses featuring the names of antivirus companies are not touched.

The worm also shuts down any firewall or antivirus applications and overwrites them with copies of itself. Windows tools like task manager and registry editor are also disabled. The worm also spreads via peer-to-peer file sharing software as a 11,745-byte file.

Five antivirus vendors have identified the virus to date and protection should be available for download.

See also:

Zafi still top of the virus charts

Mass-mailer refuses to go away during relatively quiet month  01 Feb 2005

Teen virus writer dodges prison

16 year-old Brit receives six-month suspended sentence for Randex worm  21 Dec 2004

Christmas card virus hits one in 10 emails

Zafi-D spreading rapidly around the world  16 Dec 2004

Playgirl virus peels off political payload

Glamour model virus launches DoS attack against Chechen rebel websites  10 Dec 2004

Sober virus crashes November party

Old favourites still top of the virus pops  01 Dec 2004

Security

The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!