Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Zafi Spreads Like Crazy

The Zafi.d worm continued to sweep through the Internet Wednesday, creating such a flood of messages as it replicated that by one security vendor's estimate, it accounted for 10 percent of the world's mail.

"Over 1 in every 10 e-mails traveling across the Internet at the moment is infected with Zafi.d," said Graham Cluley, a senior technology consultant at Sophos, in a statement. "Although anti-virus protection is available it seems there must be many home users who have been complacent and are allowing their PCs to belch out more and more infected e-mails."

Zafi.d, which probably hails from Hungary, used an old trick -- it posed as a Christmas message -- combined with a relatively new one -- it customized itself to the likely language of the recipient -- to give it an edge, analysts said. "Zafi uses social engineering effectively, above all in adapting the message to the recipient's language," said Luis Corrons, the head of Panda Software's threat lab, in another statement.

Zafi.d is also more of a threat than first reported Tuesday when the worm started circulating. After additional analysis, anti-virus vendors noted that Zafi opens a backdoor port on infected computers -- port 8181 -- and tries to download additional code from a remote server.

"The danger is that infected PCs could come under the control of remote hackers," added Sophos' Cluley. "Those hackers could use the legions of infected PCs to do whatever they want: destroy data, steal information, launch spam campaigns, or distributed denial-of-service attacks."

  • 1