A new version of the Zafi e-mail worm is spreading seasonal greetings along with its malicious code, according to antivirus software companies.
Zafi.D is a mass-mailing worm that arrives in a Zip file attached to e-mail messages with the subject "Merry Christmas." Instead of a gift, however, the e-mail package delivers worm code that infects Windows systems on which it is opened.
Antivirus companies have issued warnings about the new worm and updated antivirus signatures to stop the new threat.
Zafi-generated e-mails also contain the message "Happy Hollydays" and are signed "Jaime".
CA researchers collected almost 100 samples of Zafi.D since spotting the new worm variant early Tuesday, said Stefana Ribaudo, manager of the company's eTrust Security Management division.
At McAfee around 50 samples of the worm were collected, mostly from Europe, said Vincent Gullotto, vice-president of its Anti-Virus Emergency Response Team.
Both companies rated Zafi.D a "medium" threat, indicating that a number of samples have been spotted, and that the worm has a destructive payload.
Like most other mass-mailing e-mail worms, Zafi.D modifies the configuration of Windows machines, shutting down other security software and harvesting e-mail addresses from files on the infected computer and uses a built-in SMTP to send the infected e-mail to those addresses.
The worm has had more luck spreading than earlier Zafi variants, possibly because of its well-timed and appealing subject line and message, which are good examples of what antivirus researchers call "social engineering" - subtle tricks used to gain victims' confidence, Ribaudo said.
However, the increase in reports could be due to an initial spam distribution of the worm. The similarity of Zafi.D to its predecessors means that it is likely that few examples of the new worm are actually getting through to e-mail inboxes, Gullotto said.
Antivirus experts advised e-mail users to update their antivirus software to obtain the latest virus definitions for Zafi.D and to use extreme caution when handling unexpected e-mail attachments.
Paul Roberts writes for IDG News Service