Mobile menu

Off topic: E-mail 'worm' disguised as holiday greeting
Thread poster: Monika Coulson

Monika Coulson  Identity Verified
Local time: 03:22
Member (2001)
English to Albanian
+ ...
Dec 15, 2004

E-mail 'worm' spreads holiday jeers

Program disguised as holiday greeting poses 'medium' threat

Grinch-like virus writers are spreading their version of holiday cheer by embedding a variant of the so-called "Zafi" e-mail worm inside electronic greetings.

E-mails with the misspelled attachment "Happy Hollydays" arrived in inboxes Tuesday, with the subject line "Merry Christmas." A worm is hiding inside the attachment.

It propagates itself via e-mail contact lists when the attached file is opened and could render infected computers more vulnerable to spammers or hackers.

The worm spread overnight across 18 European countries, including Great Britain, France, Germany and Italy, but was not expected to make waves in the United States. The Europe-U.S. time difference gave antivirus companies stateside some breathing room.

"Zafi hit the European countries hard and fast this morning at 4 a.m. their time," said Patrick Hinojosa, CTO of the security software company Panda Software, "People open e-mail mainly at work though, so companies here in the U.S. would have already updated their virus protection by the time Americans were waking up."

Hinojosa said as soon as a virus is detected, security software companies scramble to reverse-engineer the code, create a detection file, and then send updated virus definitions out to clients. Most large corporations download the latest virus definitions in the wee hours, before employees arrive.

The first version of Zafi was detected last April. This is the fourth variant. The latest one, however, has a clever twist: It translates "Merry Christmas" into various languages as determined by the domain name. The worm knows that a .fr domain would probably be a French recipient, whereas a .de person would most likely speak German. An embedded translation program matches the domain name with the appropriate holiday greeting, thus increasing the likelihood of the recipient opening the mail.

"We call it social engineering," said Joe Hartmann, a director of North American Research at the antivirus company Trend Micro. "Are you going to open a message with Swedish text in it if you don't speak Swedish? Probably not. But you might if it were in your own language."

Hartmann said that this latest worm does not stack up to the big worms this year, such as Bagle, MyDoom and Netsky, which each had millions in distribution worldwide. Hartmann said Zafi has "only in the thousands, globally."

So far antivirus companies are issuing "medium" threat warnings, and will continue to monitor the worm's spread.

http://www.cnn.com/2004/TECH/internet/12/15/holiday.worm/index.html

[Edited at 2004-12-15 18:43]


Direct link Reply with quote
 
Mathew Robinson
United Kingdom
Local time: 10:22
English
Use a Firewall Dec 16, 2004

We had this arrive in our inbox on Tuesday, Windows XP Firewall on the infected machine intercepted the virus's attempt to send outgoing emails and blocked them while waiting for Symantec to update it's definitions. Norton quickly and easily found it and removed it after the definitions update.

Moral of this story... Firewalls work, use them!


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:

Moderator(s) of this forum
Fernanda Rocha[Call to this topic]

You can also contact site staff by submitting a support request »

E-mail 'worm' disguised as holiday greeting

Advanced search






memoQ translator pro
Kilgray's memoQ is the world's fastest developing integrated localization & translation environment rendering you more productive and efficient.

With our advanced file filters, unlimited language and advanced file support, memoQ translator pro has been designed for translators and reviewers who work on their own, with other translators or in team-based translation projects.

More info »
Déjà Vu X3
Try it, Love it

Find out why Déjà Vu is today the most flexible, customizable and user-friendly tool on the market. See the brand new features in action: *Completely redesigned user interface *Live Preview *Inline spell checking *Inline

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs