New medium rated Worm Zafi.b, aka Erkez.b. 14/06/04

Discussion in 'other security issues & news' started by the mul, Jun 14, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Jul 31, 2003
    This new highly polymorphic worm has just been escalated to Medium Risk. It has the capability of generating the text in multiple languages which contributes to it's effectiveness in spreading. Avoid all email attachments ending with EXE, COM, and PIF (which we should always do). This new worm is network aware and can spread on a Peer-to-peer basis to open file shares on PCs and Servers.

    Zafi.b - MEDIUM RISK, aka Erkez.b

    This is a mass-mailing worm that constructs messages using its own SMTP engine, spoofing the From: address. It also attempts to propagate via P2P, via copying itself to folders on the local system (containing 'share' or 'upload' in the folder name).

    EMAIL Format to block or avoid

    From: The "From:" field of the email is spoofed.
    Subject: <Blank>
    Attachment: <random file name with .com, .exe, or .pif as extension>
    Message: <random and different languages>

    Ther Mul
  2. FanJ

    FanJ Guest

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.