Volume 3   Issue  37                      December   2004

                 

E-mail 'Worm' Spreads Holiday Jeers
Program disguised as holiday greeting poses 'medium' threat
CNN News, By Alex Walker, December 15, 2004

Grinch-like virus writers are spreading their version of holiday cheer by embedding a variant of the so called "Zafi" e-mail worm inside electronic greetings.

E-mails with the misspelled attachment "Happy Hollydays" arrived in inboxes Tuesday, with the subject line "Merry Christmas." A worm is hiding inside the attachment. It propagates itself via e-mail contact lists when the attached file is opened and could render infected computers more vulnerable to spammers or hackers.

The worm spread overnight across 18 European countries, including Great Britain, France, Germany and Italy, but was not expected to make waves in the United States. The Europe- U.S. time difference gave antivirus companies stateside some breathing room. "Zafi hit the European countries hard and fast this morning at 4 a.m. their time," said Patrick Hinojosa, CTO of the security software company Panda Software, "People open e-mail mainly at work though, so companies here in the U.S. would have already updated their virus protection by the time Americans were waking up." Hinojosa said as soon as a virus is detected, security software companies scramble to reverse-engineer the code, create a detection file, and then send updated virus definitions out to clients. Most large corporations download the latest virus definitions in the wee hours, before employees arrive.

The first version of Zafi was detected last April. This is the fourth variant. The latest one, however, has a clever twist: It translates "Merry Christmas" into various languages as determined by the domain name.

The worm knows that a .fr domain would probably be a French recipient, whereas a .de person would most likely speak German. An embedded translation program matches the domain name with the appropriate holiday greeting, thus increasing the likelihood of the recipient opening the mail. "We call it social engineering," said Joe Hartmann, a director of North American Research at the antivirus company Trend Micro. "Are you going to open a message with Swedish text in it if you don't speak Swedish? Probably not. But you might if it were in your own language." Hartmann said that this latest worm does not stack up to the big worms this year, such as Bagle, MyDoom and Netsky, which each had millions in distribution worldwide. Hartmann said Zafi has "only in the thousands, globally."

So far antivirus companies are issuing "medium" threat warnings, and will continue to monitor the worm's spread.

© 2004 Cable News Network LP, LLLP.
Have you seen a safety device you think our readers should know about?
Does your company make or sell a safety device you would like to see featured in this column?
If so, please email the information about the device to Safety Issues.
The purpose of this column is to make your life safer with the use of the latest technology.
Neither Safety Issues nor its affiliated companies are responsible for any opinions expressed in this column.
Thank you for reading this column.

 

© 2008 SafetyIssues.com All rights reserved.