Friday, December 17, 2004

Be Careful What You Open

Just in time for the holidays, some asshat (thanks, Grace!) pindick hacker turd has developed a virus disguised as an email Christmas card:
The W32/Zafi-D worm, which originated in Hungary, is using mass-mailing and P2P (peer-to-peer) techniques to squirm through in-boxes and slow network traffic to a crawl.

The worm, which poses as a Christmas greeting, has the ability to replicate in as many as 19 languages, which makes it a "very serious threat" to computer users worldwide, said Graham Cluley, a senior technology consultant at Sophos Inc.
According to a Sophos advisory, the worm arrives with the subject line "Merry Christmas," "Buon Natale!" or "Joyeux Noel!," depending on the location of the recipient.

The body of the e-mail contains a "Happy Hollydays" greeting in green text with a yellow emoticon. The virus arrives as an attachment with the following extensions: ZIP, CMD, PIF, BAT or COM.

Once executed, Zafi-D copies itself to the Windows system folder with the filename "Norton Update.exe." It then creates a number of files in the Windows system folder with filenames consisting of eight random characters and a DLL extension.

The worm has been programmed to harvest e-mail addresses from the Windows Address Book.
European anti-virus company F-Secure released a separate Zafi-D advisory with a warning that a payload is capable of terminating any application that has the words "firewall" or "virus" in it. If an anti-virus application is found on the infected machine, the virus attempts to overwrite those files with a copy of itself.

One of the reasons I use Eudora is that it's not targeted by virus writers. Also, my friends know not to send me email with nifty little attachments, lest they want to feel the heat of my wrath. Look, Nino is not so hard up for entertainment that he needs to read the latest internet joke/rumor, see some nitwit flash animation, or view some moron's command of Photoshop. As such, Nino doesn't open many attachments (unless Nino has asked someone to send him something).

Just because the email comes from a trusted source doesn't mean it's safe, kids. As you read above, viruses attack an address book and sends itself out. So unless you're 100% sure the attachment is safe, you're better off not opening anything.

You've already spent enough this holiday season without having to deal with taking your comp to the shop for a full re-format and OS re-load. Be smart.

UPDATE: My personal opinion is that virus writers, adware/malware writers, and spammers should be castrated. With a spoon. A rusty spoon.

No comments: