Clusterheadaches.com Message Board (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
(Message started by: Svenn on Dec 15th, 2004, 3:19pm)

Title: W32/Zafi.d@MM
Post by Svenn on Dec 15th, 2004, 3:19pm
Offering a fake holiday greeting, W32/Zafi.d@MM is a Medium Risk mass-mailing worm that arrives as an email attachment. When run, the worm displays a fake error message (Error in packed file!), infects the host computer and emails itself to stolen email addresses using the infected computer's Internet connection.

Like previous variants, the worm sends itself in different languages depending on the recipient's address. For example, a .COM mail address receives an English message, a .DE mail address receives German.

Note: To fortify your anti-virus defense against threats like W32/Zafi.d@MM that need Internet access to spread, we recommend installing McAfee Personal Firewall Plus.

What should I look for?


FROM: Varies (forged addresses taken from infected system)
SUBJECT: Example: Fw: Merry Christmas!
BODY: Example: Happy Hollydays!
ATTACHMENT: Example: postcard.php8583.zip


How do I know if I've been infected?

Fake error message displayed.
Alerts from a desktop firewall (if installed) that a new application is asking for Internet access.
TCP port 8181 open on the infected system.


How do I find out more?

View details about W32/Zafi.d@MM here.

Svenn

Title: Re: W32/Zafi.d@MM
Post by brain_cramps on Dec 15th, 2004, 3:44pm

on 12/15/04 at 15:19:06, Svenn wrote:
How do I find out more?

View details about W32/Zafi.d@MM here.



Where?


Here? http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.d@mm.html

grant ;)

Title: Re: W32/Zafi.d@MM
Post by firebrix on Dec 15th, 2004, 4:47pm
Thank you Svenn!
Keeping us safe again!
Last Xmas our friend got a brand new computer. Within one hour of using it, it had been so badly infected it wouldn't boot. This time of year is often fraught with dangers and maybe the AV people don't have time to update as regularly as usual?
Be careful out there.
firebrix


