Oh my goodness, blame it on Aunty’s fumble fingers! All fixed, and thanks for pointing it out!

Kissy kissy!

Aunty

In addition to the Christmas well wishes in the subject line, Zafi-generated e-mails contain the message “Happy Hollydays” and are signed “Jaime.”

CA researchers have collected almost 100 samples of Zafi.D since spotting the new worm variant early today, said Stefana Ribaudo, manager of the company’s eTrust Security Management division. At McAfee Inc., about 50 samples of the worm were collected, mostly from Europe, said Vincent Gullotto, vice president of McAfee’s Anti-Virus Emergency Response Team.

Both companies rated Zafi.D a “medium” threat, indicating that a number of samples have been spotted and that the worm has a destructive payload.

Like most other mass-mailing e-mail worms, Zafi.D modifies the configuration of Windows machines, shutting down other security software and harvesting e-mail addresses from files on the infected computer. After it harvests e-mail addresses, Zafi uses a built-in Simple Mail Transfer Protocol to send e-mail to those addresses with copies of the worm code, antivirus companies said.

The worm has had more luck spreading than earlier Zafi variants, possibly because of its well-timed and appealing subject line and message, which are good examples of what antivirus researchers call social engineering — subtle tricks used to gain victims’ confidence, Ribaudo said.

However, the increase in reports could be due to an initial spam distribution of the worm. The similarity of Zafi.D to its predecessors — and to other mass-mailing worms — means that it’s likely that few examples of the new worm are actually getting through to e-mail in-boxes, Gullotto said.

Antivirus experts advised e-mail users to update their antivirus software to obtain the latest virus definitions for Zafi.D and to use extreme caution when handling unexpected e-mail attachments.