"Around the holidays most people receive an increased number of e-mail greetings from friends and relatives wishing them good cheer," said Gregg Mastoras, a senior security analyst for Sophos, in a statement. "Unfortunately, the Grinches and Scrooges of the virus writing world are looking to steal the joy by infecting the innocent."
Zafi.d, which like earlier variants hails from Hungary, comes as a payload attached to messages with the subject line of "Merry Christmas." Addresses containing .com receive the English version, while other domains, such as .de or .es, receive messages with language-specific headers like "Frhliche Weihnachten!" and "Feliz Navidad!" Other languages include Hungarian, Finnish, Russian, Italian, Polish, Danish, Norwegian, French, and Swedish.
Users must open the attachment to become infected.
Although Zafi.d tries to shut down various anti-virus and firewall products, it doesn't have much of an ulterior motive, and won't, for instance, drop in a Trojan horse to exploit the infected machine later for other purposes, such as spamming or denial-of-service attacks. It uses peer-to-peer file sharing folders as another infection vector, however.