Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Zafi.B worm can terminate antivirus programs

  • 15 June, 2004 10:04

<p>As an Australian Distributor for F-Secure for over 8 years, Open Systems Australia would like to provide you with the following news release.</p>
<p>Zafi.B worm can terminate antivirus programs</p>
<p>The new variant spreads fast in several different languages</p>
<p>F-Secure is warning the computer users of a new variant of Zafi email worm -Zafi.B - that was found in the wild on Friday, June 11th. Due to the worm's spreading speed, it was raised to Radar level 2 alert on Sunday, May 13th. The worm spreads by email in variable PIF.-, .EXE-, or COM -attachments. It also sends the messages in several different languages; e.g. in English,
Italian, Spanish, Russian, Swedish, German or Finnish.</p>
<p>Like a typical email worm, Zafi.B also gathers addresses from the users address books and then spreads by sending itself to those addresses. When the worm activates, it copies itself to the Windows System Directory with a random .DLL and random .EXE name. After this the worm scans through all directories in the system and replicates as either 'winamp 7.0 full_install.exe' or 'Total Commander 7.0 full_install.exe' to all folders that contain 'share' or 'upload' in their name. In addition to this, it terminates all applications that have 'firewall' or 'virus' in their filename.</p>
<p>"This worm is tricky, as it has a feature that can close down firewalls and antivirus programs in order to help itself spread further", Mikael Albrecht, the product Manager at F-Secure explains. "But that's not all. Another interesting thing about this worm is that the infected messages come in many different languages. As most of the widely spread worms use only English, this feature may confuse the user to open the message - and the worm spreads on", he continues.</p>
<p>As an example an email message sent by Zafi.B may look like this:</p>
<p>Sender: Jennifer
Subject: eYou`ve got 1 VoiceMessage!
Attachment: "link.voicemessage.com.listen.index.php1Ab2c.pif"</p>
<p>Message body:</p>
<p>Dear Customer!
You`ve got 1 VoiceMessage from voicemessage.com website!
You can listen your Virtual VoiceMessage at the following link:
http://virt.voicemessage.com/index.listen.php2=35affv
or by clicking the attached link.
Send VoiceMessage! Try our new virtual VoiceMessage Empire!
Best regards: SNAF.Team (R).</p>
<p>Examples of the messages in other languages as well as more detailed technical description of the Zafi.B worm are available in the F-Secure Virus Description Database at
http://www.f-secure.com/v-descs/zafi_b.shtml</p>
<p>F-Secure Anti-Virus can detect and remove the Zafi.B worm. F-Secure Anti-Virus can be downloaded from http://www.f-secure.com.</p>
<p>About F-Secure</p>
<p>F-Secure Corporation protects individuals and businesses against computer
viruses and other threats coming through the Internet or mobile networks. Our
award-winning solutions include antivirus, desktop firewall with intrusion
prevention and network encryption. Our key strength is the speed of response
to new threats and for businesses our solutions feature centralized
management. Founded in 1988, F-Secure has been listed on the Helsinki
Exchanges since 1999. We have our headquarters in Helsinki, Finland, and
offices in USA, France, Germany, Sweden, the United Kingdom and Japan.
F-Secure is supported by a global ecosystem of value added resellers and
distributors in over 50 countries. F-Secure protection is also available
through major Internet Service Providers, such as Deutsche Telekom and
leading mobile equipment manufacturers, such as Nokia.</p>
<p>About OSA
Open Systems Australia is a Canberra-based organization that was established in 1991 to cater to the computing infrastructure requirements of both Government and Private Enterprise. The company distributes leading information technology products and total systems solutions accompanied with professional and dedicated sales and support services. Open Systems Australia provides products and services to an extensive network of over 1200 value-added Resellers and major System Integration companies Australia wide. For additional information please visit: http://www.opensystems.com.au</p>
<p>For further information please contact:</p>
<p>Sarah Hawkins
Marketing Manager
Open Systems Australia
02 6261 4900
sarah.hawkins@opensystems.com.au</p>

Most Popular

Brand Post

Most Popular Reviews

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Latest Articles

Resources

PCW Evaluation Team

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?