Instead of the Grinch who Stole Christmas, it’s the Worm who Sneaks Into Your Computer Disguised as an Electronic Christmas Card. And oh joy, targetted specifically towards Windows systems, just to ensure you a white-out Christmas.
Yes, this year it’s the dreaded Zafi worm which is making the rounds garbed in festive holiday attire. Dressed up as an electronic Christmas card, this cheery yet dastardly worm shows up in your inbox appearing to be from someone you know (because invariably it has replicated itself in the bowels of a computer belonging to one of your correspondents, hijacked their address book, and sent itself out to you and dozens of others).
The subject of the trojan Christmas card (now there’s an interesting visual) is “Merry Christmas”, and sometimes the email also contains a message saying “Happy Hollydays (sic), Jaime”.
What makes this worm-bearing-email even more insidious is that because the user thinks it is an electronic Christmas card from someone they know, it is more plausible that it would contain a binary file, and thus the recipient is more likely to open the file and unleash the worm.
Most reputable electronic greeting card sites now send the intended card recipient a link on which they must click in order to view the card, and do not send the card binary in email.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
If you do want to send electronic Christmas cards, Aunty quite likes this independent site: DoozyCards.com.
You can read more about the Worm Before Christmas at News.com and ComputerWorld.com.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Thanks for the Alert but you got the name of the worm wrong….ZAFI not ZANI…
DECEMBER 14, 2004 (IDG NEWS SERVICE) – A new version of the Zafi e-mail worm is spreading Christmas wishes along with its malicious code, according to antivirus software companies.
Zafi.D is a mass-mailing worm that arrives in a ZIP file attached to e-mail messages with the subject “Merry Christmas.” Instead of a gift, however, the e-mail package delivers worm code that infects Microsoft Windows systems on which it is opened. Antivirus companies, including McAfee Inc., Sophos PLC and Computer Associates International Inc., issued warnings about the new worm and updated antivirus signatures to stop it.
In addition to the Christmas well wishes in the subject line, Zafi-generated e-mails contain the message “Happy Hollydays” and are signed “Jaime.”
CA researchers have collected almost 100 samples of Zafi.D since spotting the new worm variant early today, said Stefana Ribaudo, manager of the company’s eTrust Security Management division. At McAfee Inc., about 50 samples of the worm were collected, mostly from Europe, said Vincent Gullotto, vice president of McAfee’s Anti-Virus Emergency Response Team.
Both companies rated Zafi.D a “medium” threat, indicating that a number of samples have been spotted and that the worm has a destructive payload.
Like most other mass-mailing e-mail worms, Zafi.D modifies the configuration of Windows machines, shutting down other security software and harvesting e-mail addresses from files on the infected computer. After it harvests e-mail addresses, Zafi uses a built-in Simple Mail Transfer Protocol to send e-mail to those addresses with copies of the worm code, antivirus companies said.
The worm has had more luck spreading than earlier Zafi variants, possibly because of its well-timed and appealing subject line and message, which are good examples of what antivirus researchers call social engineering — subtle tricks used to gain victims’ confidence, Ribaudo said.
However, the increase in reports could be due to an initial spam distribution of the worm. The similarity of Zafi.D to its predecessors — and to other mass-mailing worms — means that it’s likely that few examples of the new worm are actually getting through to e-mail in-boxes, Gullotto said.
Antivirus experts advised e-mail users to update their antivirus software to obtain the latest virus definitions for Zafi.D and to use extreme caution when handling unexpected e-mail attachments.
A reader writes: “Thanks for the Alert but you got the name of the worm wrong….ZAFI not ZANI…”
Oh my goodness, blame it on Aunty’s fumble fingers! All fixed, and thanks for pointing it out!
Kissy kissy!
Aunty