Mobile menu

Off topic: E-mail 'worm' disguised as holiday greeting
Thread poster: Monika Coulson

Monika Coulson  Identity Verified
Local time: 09:36
Member (2001)
English to Albanian
+ ...
Dec 15, 2004

E-mail 'worm' spreads holiday jeers

Program disguised as holiday greeting poses 'medium' threat

Grinch-like virus writers are spreading their version of holiday cheer by embedding a variant of the so-called "Zafi" e-mail worm inside electronic greetings.

E-mails with the misspelled attachment "Happy Hollydays" arrived in inboxes Tuesday, with the subject line "Merry Christmas." A worm is hiding inside the attachment.

It propagates itself via e-mail contact lists when the attached file is opened and could render infected computers more vulnerable to spammers or hackers.

The worm spread overnight across 18 European countries, including Great Britain, France, Germany and Italy, but was not expected to make waves in the United States. The Europe-U.S. time difference gave antivirus companies stateside some breathing room.

"Zafi hit the European countries hard and fast this morning at 4 a.m. their time," said Patrick Hinojosa, CTO of the security software company Panda Software, "People open e-mail mainly at work though, so companies here in the U.S. would have already updated their virus protection by the time Americans were waking up."

Hinojosa said as soon as a virus is detected, security software companies scramble to reverse-engineer the code, create a detection file, and then send updated virus definitions out to clients. Most large corporations download the latest virus definitions in the wee hours, before employees arrive.

The first version of Zafi was detected last April. This is the fourth variant. The latest one, however, has a clever twist: It translates "Merry Christmas" into various languages as determined by the domain name. The worm knows that a .fr domain would probably be a French recipient, whereas a .de person would most likely speak German. An embedded translation program matches the domain name with the appropriate holiday greeting, thus increasing the likelihood of the recipient opening the mail.

"We call it social engineering," said Joe Hartmann, a director of North American Research at the antivirus company Trend Micro. "Are you going to open a message with Swedish text in it if you don't speak Swedish? Probably not. But you might if it were in your own language."

Hartmann said that this latest worm does not stack up to the big worms this year, such as Bagle, MyDoom and Netsky, which each had millions in distribution worldwide. Hartmann said Zafi has "only in the thousands, globally."

So far antivirus companies are issuing "medium" threat warnings, and will continue to monitor the worm's spread.

http://www.cnn.com/2004/TECH/internet/12/15/holiday.worm/index.html

[Edited at 2004-12-15 18:43]


Direct link Reply with quote
 
Mathew Robinson
United Kingdom
Local time: 16:36
English
Use a Firewall Dec 16, 2004

We had this arrive in our inbox on Tuesday, Windows XP Firewall on the infected machine intercepted the virus's attempt to send outgoing emails and blocked them while waiting for Symantec to update it's definitions. Norton quickly and easily found it and removed it after the definitions update.

Moral of this story... Firewalls work, use them!


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:

Moderator(s) of this forum
Fernanda Rocha[Call to this topic]

You can also contact site staff by submitting a support request »

E-mail 'worm' disguised as holiday greeting

Advanced search






Across v6.3
Translation Toolkit and Sales Potential under One Roof

Apart from features that enable you to translate more efficiently, the new Across Translator Edition v6.3 comprises your crossMarket membership. The new online network for Across users assists you in exploring new sales potential and generating revenue.

More info »
LSP.expert
You’re a freelance translator? LSP.expert helps you manage your daily translation jobs. It’s easy, fast and secure.

How about you start tracking translation jobs and sending invoices in minutes? You can also manage your clients and generate reports about your business activities. So you always keep a clear view on your planning, AND you get a free 30 day trial period!

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs