[vox] [OT] Anyone else getting hit with a deluge of virus email bounces?
Bill Kendrick
nbs at sonic.net
Tue Jan 11 11:35:47 PST 2005
On Tue, Jan 11, 2005 at 11:12:01AM -0800, Mark K. Kim wrote:
> I'm getting no more spams/virus/virus-reply than usual. I'm guessing the
> virus is, once again, Outlook-related? Most of my friends use
> Hotmail/Yahoo/MSN/Gmail.
I obviously didn't look at all of the bounce emails.
(In fact, I didn't look at ANY, except the subject lines.)
However, from the subject line of many of the "you sent a virus..." ones,
I gathered that I'm being indirectly hit by W32/Zafi-D, which is actually
a worm:
http://www.sophos.com/virusinfo/analyses/w32zafid.html
Some snippets:

  W32/Zafi-D harvests email addresses from the Windows Address Book and
  from files found on the hard drive.

  W32/Zafi-D attempts to open files containing the following strings
  and keep them open so as to make them inaccessible to the user:
  reged, msconfig, task

  W32/Zafi-D copies itself to folders containing one of the following strings:
  share, upload, music

It looks like it's a manually-activated worm (versus taking advantage of
some Outlook bug, for example), as the description doesn't mention Outlook
or Explorer, and it looks like the worm sends email messages pretending to
be holiday greeting postcards.
Pretty old-school means of propagating, really.
-bill!
bill at newbreedsoftware.com April shower bring Kompressor power!
http://newbreedsoftware.com/
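
A triage sketch for the self-copying behaviour quoted from the Sophos description above, added here as an example and not part of the original post or of Sophos's analysis: it reports identical executable-type files found in two or more folders whose names contain share, upload or music. The extension list, the assumption that the copies are byte-identical, the function names and the sample tree are assumptions of this example.

```python
import hashlib
import os
import tempfile

# Folder-name substrings quoted from the Sophos description in the post.
FOLDER_MARKERS = ("share", "upload", "music")
# Assumption (not from the post): extensions treated as executable on Windows.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_replicated_executables(root, min_folders=2):
    """Map sha256 -> paths of identical executables spread over marker folders."""
    by_hash = {}
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(dirpath).lower()
        if not any(m in folder for m in FOLDER_MARKERS):
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                try:
                    by_hash.setdefault(sha256_file(path), []).append(path)
                except OSError:
                    continue  # unreadable or locked file: skip it
    return {d: sorted(p) for d, p in by_hash.items()
            if len({os.path.dirname(x) for x in p}) >= min_folders}

def demo():
    layout = {  # constructed file names and contents, not real samples
        "My Shared Folder/card.exe": b"SAMPLE-A",
        "Uploads/greeting.scr": b"SAMPLE-A",
        "Music/player.exe": b"SAMPLE-B",
        "Music/song.mp3": b"SAMPLE-A",
        "Documents/tool.exe": b"SAMPLE-A",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return [[os.path.relpath(p, root).replace(os.sep, "/") for p in paths]
                for paths in find_replicated_executables(root).values()]
```

A hit only means the same executable content sits in several such folders; it is a lead for a scanner or manual review, not a verdict.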