Re: [vox] [OT] Anyone else getting hit with a deluge of virus emailbounces?
On Tue, Jan 11, 2005 at 11:12:01AM -0800, Mark K. Kim wrote:
> I'm getting no more spams/virus/virus-reply than usual. I'm guessing the
> virus is, once again, Outlook-related? Most of my friends use
> Hotmail/Yahoo/MSN/Gmail.
I obviously didn't look at all of the bounce emails.
(In fact, I didn't look at ANY, except the subject lines.)
However, from the subject line of many of the "you sent a virus..." ones,
I gathered that I'm being indirectly hit by W32/Zafi-D, which is actually
a worm:
http://www.sophos.com/virusinfo/analyses/w32zafid.html
Some snippets:
  W32/Zafi-D harvests email addresses from the Windows Address Book and
  from files found on the hard drive.
  W32/Zafi-D attempts to open files containing the following strings
  and keep them open so as to make them inaccessible to the user:
    reged, msconfig, task
  W32/Zafi-D copies itself to folders containing one of the following strings:
    share, upload, music
It looks like it's a manually-activated worm (versus taking advantage of
some Outlook bug, for example), as the description doesn't mention Outlook
or Explorer, and it looks like the worm sends email messages pretending to
be holiday greeting postcards.
Pretty old-school means of propagating, really.
-bill!
bill@newbreedsoftware.com April shower bring Kompressor power!
http://newbreedsoftware.com/
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox