View Full Version : Be careful, that e-card may be a virus

21-12-2004, 10:40 AM
from http://newpaper.asia1.com.sg/top/story/0,4136,79577,00.html?

IF you were planning to save on postage this year by sending electronic greeting cards, think again. And be careful when opening any you get.

A new virus strain masquerading as e-cards is accounting for one in every 10 e-mails hitting in-boxes, security experts warned on Wednesday.


E-mail security services firm MessageLabs reported the virus was already spreading at a rate of up to 45,000 copies per hour and was a new version of the Zafi virus from Hungary.

E-mails carrying the Zafi.D virus feature subject headings including ''FW: Merry Christmas'', ''Feliz Navidad'' and ''Joyeux Noel'' and can appear in English, French, Spanish or Hungarian, depending on the e-mail address.

The virus is using mass-mailing and P2P (peer-to-peer) techniques to squirm through in-boxes and slow network traffic to a crawl.

Once the attachment is opened, the virus launches an error message to give the appearance that the program has not worked.

It then scans the computer and sends copies to every e-mail address it can find in certain documents, attempts to disable firewall and anti-virus software, and changes Microsoft Windows registry files to ensure the virus opens each time the computer is started.

The body of the e-mail contains a ''Happy Hollydays'' greeting in green text with a yellow emoticon.

Sophos senior technology consultant Graham Cluley warned that the virus was potentially very damaging due to both its content and its timing.

He said computer users should take particular care while opening e-mail messages during the holiday season as many became complacent about opening joke e-mails and e-cards.

''Despite its disguise, Zafi-D isn't much of a Christmas present,'' he said.

''Heartless hackers and virus writers can attack at any time of the year and every computer user should be on the lookout for unusual e-mails and be wary of ever opening any unsolicited file sent via e-mail.''

Mr Cluley told eWEEK.com the Zafi-D mutant accounts for 75 per cent of all virus reports coming into the company's monitoring stations in the past 24 hours.

A spokesman for MessageLabs said the company had intercepted more than one million copies of Zafi-D since it first started squirming Tuesday.

''This one is spreading far and wide because it uses multiple languages.

''The worm has been programmed to change its disguise and communicate in the language of the target.

''That makes it a bigger threat,'' Mr Cluley said.

European anti-virus company F-Secure released a separate Zafi-D warning saying it is capable of terminating any application that has the words ''firewall'' or ''virus'' in it.

If an anti-virus application is found on the infected machine, the virus attempts to overwrite those files with a copy of itself.

''When your computer data is at risk it may be wiser to avoid electronic well-wishing and use paper and ink instead.'' - Wire services.