Polyglot virus for Christmas

by Nikola Strahija on December 17th, 2004

An email worm which poses as a Christmas greeting began spreading widely. Zafi-D comes as an infectious attachment to emails written in a variety of different languages, but anti-virus firms believe it was created in Hungary.


Typically infected emails have subject lines such as 'FW: Merry Christmas', 'Happy HollyDays!' and 'Feliz Navidad!'. Embedded inside each email is a crude animated GIF graphic of two smiley faces.

The attachment name is made up of the word "postcard" in the respective language, random numbers and the extension .pif, .cmd, .bat, or .com. Windows users who open the attached file get infected.

Zafi-D harvests email addresses from compromised machines and uses its own SMTP engine to spread. It also attempts to spread through P2P networks, and to terminate firewall and anti-virus applications on infected machines. Several Windows tools, like Task Manager and Registry Editor, are disabled when the worm is active. Even worse, Zafi-D also has a back door that listens on port 8181. Crackers can upload and execute files using this backdoor, which turns infected machines into zombies.

Standard defensive precautions apply: avoid opening unsolicited attachments, even when they appear to come from people you trust; update AV tools to detect the worm.
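A mail-gateway check built from the indicators above, as an added example that is not part of the original article: it flags attachments with the listed extensions and records whether the name and subject also fit the description. The function names, the word-then-digits pattern and the sample message are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Extensions and subject lines taken from the article.
RISKY_EXTENSIONS = {".pif", ".cmd", ".bat", ".com"}
KNOWN_SUBJECTS = {"fw: merry christmas", "happy hollydays!", "feliz navidad!"}
# Article: a word followed by random numbers; the exact layout is an assumption.
WORD_THEN_DIGITS = re.compile(r"^[^\W\d_]+[\W_]*\d+")


def normalise(filename):
    """Lower-case the name and drop the trailing dots/spaces Windows ignores."""
    return filename.strip().rstrip(". ").lower()


def inspect_message(msg):
    """Return (filename, reasons) for each attachment worth quarantining."""
    subject = (msg["Subject"] or "").strip().lower()
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # containers and inline text parts have no filename
        stem, dot, ext = normalise(filename).rpartition(".")
        if not dot or "." + ext not in RISKY_EXTENSIONS:
            continue
        reasons = ["executable extension ." + ext]
        if WORD_THEN_DIGITS.match(stem):
            reasons.append("word-plus-digits name")
        if subject in KNOWN_SUBJECTS:
            reasons.append("subject listed in the article")
        findings.append((filename, reasons))
    return findings


def build_sample(subject, filename):
    """Constructed test message; the attachment body is harmless text."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Season's greetings")
    msg.add_attachment(b"not a real program", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg
```

The extension match alone is enough to quarantine; the other two reasons only raise confidence that a hit belongs to this campaign.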

