Advertisement
Promo

Security threats Toolkit

New Zafi variant goes for Google

Munir Kotadia ZDNet Australia

Published: 28 Oct 2004 12:04 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The latest variant of the Zafi worm was discovered on Wednesday and unlike the previous two variants, Zafi.C has been coded to launch a distributed denial-of-service (DDoS) attack against Google.com, Microsoft.com and miniszterelnok.hu, which is the Web site of the Hungarian Prime Minister.

The Zafi worm has evolved since it was first discovered in April of this year. Zafi.A contained Hungarian text and only tried to send itself to email addresses inside Hungary. Also, it did not contain a destructive payload. Two months later Zafi.B was released and this time the worm was able to terminate antivirus and firewall applications and 'speak' in numerous languages, including English, Spanish, Russian and Swedish.

Mikko Hyppönen, director of antivirus Research at F-Secure, said that if Zafi.C is worse than Zafi.B there could be trouble because the second variant has been in the company's top 20 virus list since it was released.

"Zafi.C might be bigger news as the previous variant of this Hungarian virus, Zafi.B, has been in our Top 20 for the past four months. However, so far we've received few reports of this virus."

Once active, Zafi.C scans the infected computer's Windows Address Book and hard drive for email addresses. It spreads by composing emails using a "complex set of rules" and sending them out with its built-in SMTP engine.

Paul Ducklin, head of technology at Sophos, Asia Pacific, told ZDNet UK sister site ZDNet Australia that the new variants are yet to have any affect on Australian users.

"The good news for Australia is that we haven't had any reports of any infections, so these viruses rate at the bottom of the prevalence scale. It's important to remember that around 1000 new viruses turn up every month -- approximately one every 45 minutes," said Ducklin.

Wednesday was a busy day for antivirus companies because apart from dealing with the new Zafi worm they also found a new version of MyDoom and another variant of the Agobot worm, which uses an Internet Relay Chat (IRC) server to give hackers remote access to infected systems.

Ducklin said the latest Agobot is the 359th variant.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
114 out of 205 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters