New medium rated Worm Zafi.b, aka Erkez.b. 14/06/04

Discussion in 'other security issues & news' started by the mul, Jun 14, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    This new highly polymorphic worm has just been escalated to Medium Risk. It has the capability of generating the text in multiple languages, which contributes to its effectiveness in spreading. Avoid all email attachments ending with EXE, COM, and PIF (which we should always do). This new worm is network aware and can spread on a peer-to-peer basis to open file shares on PCs and servers.

    Zafi.b - MEDIUM RISK, aka Erkez.b
    http://secunia.com/virus_information/9988/
    http://www3.ca.com/securityadvisor/virusin...s.aspx?id=39333
    http://vil.nai.com/vil/content/v_126242.htm
    http://www.sarc.com/avcenter/venc/data/w32.erkez.b@mm.html
    http://times.hankooki.com/lpage/tech/20040...20092511800.htm

    This is a mass-mailing worm that constructs messages using its own SMTP engine, spoofing the From: address. It also attempts to propagate via P2P, via copying itself to folders on the local system (containing 'share' or 'upload' in the folder name).

    EMAIL Format to block or avoid

    From: The "From:" field of the email is spoofed.
    Subject: <Blank>
    Attachment: <random file name with .com, .exe, or .pif as extension>
    Message: <random and different languages>


    Ther Mul
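
The "EMAIL Format to block or avoid" list in the post above, turned into a mail-filter check. This is an added example, not part of the original post or of any vendor's tooling; the function names, verdict strings and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment extensions the post says to block.
BLOCKED_EXTENSIONS = (".exe", ".com", ".pif")

def blocked_attachments(msg):
    """Return attachment filenames whose final extension is on the block list."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots/spaces, so
        # "Photo.JPG.PIF" and "setup.exe." are judged by their real extension.
        cleaned = name.strip().rstrip(". ").lower()
        if cleaned.endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits

def classify(raw_bytes):
    """Return (verdict, filenames). Verdict strings are hypothetical labels."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = blocked_attachments(msg)
    if not hits:
        return "deliver", hits
    subject = (msg["Subject"] or "").strip()
    # The From: field is spoofed, so it is deliberately not used as a signal.
    # A blank subject plus a blocked attachment matches the format in the post.
    if not subject:
        return "quarantine-matches-post", hits
    return "quarantine-extension", hits

def build_sample(subject, filename):
    """Build a constructed test message; the attachment is harmless filler."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "user@example.org"
    if subject is not None:
        m["Subject"] = subject
    m.set_content("constructed body text")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [(None, "Photo.JPG.PIF"), ("Minutes", "setup.exe"),
                        (None, "notes.txt")]:
        print(fname, "->", classify(build_sample(subj, fname)))
```

Because the message text is random and in different languages, the check relies only on the attachment extension and the blank subject.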
     
  2. FanJ

    FanJ Guest
