Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

Virus Disguised as Christmas Message

Don’t be fooled by this email that bears the message “Happy Holidays” and the subject line “Merry Christmas”, even when it appears to be from someone you know. Most likely, it is a worm, attached in a file that pretends to be a holiday postcard greeting and usually arrives via email and through peer-to-peer networks. The message may appear in different languages based on your country’s domain. This worm, called Zafi.d, is a variant of the Zafi worm. Zafi.d is a mass-mailing worm that when executed, copies itself twice to the %windir%system32 folder using a random name and .DLL extension. The worm copies itself to directories on the C: drive containing one of the following strings: "share", "upload" or "music". According to TechTree, this worm sends itself out in Hungarian and English, creates a registry key, so that infected files are executed every time an infected computer is turned on. Zafi.d also has the ability to search for directories of anti-virus and personal firewall software, and then overwrite the executables with a copy of itself. In an attempt to thwart manual identification and cleaning of an infected machine, the worm will also attempt to terminate processes. According to reports, the virus poses a greater threat to home users as it is most frequently attached to email as a .php file. Home-based Web users may be less diligent in updating their anti-virus software. Attachments appear at 12 KB in size. Once inside the infected system, the worm drops a copy of itself under a legitimate-sounding file name. Source:

print this article

Return to internet news headlines
View Internet News Archive

Share with: