New worm terminates antivirus apps
A new worm variant that can terminate antivirus applications was discovered last Friday, prompting Internet security vendor F-Secure to issue a level two warning. The variant, called Zafi.B, is spread through e-mail attachments in PIF, EXE or Com attachments, and according to F-Secure, the worm “terminates all applications that have ‘firewall’ or ‘virus’ in their file-name”. The worm is capable of transmitting in several languages, including English, Italian, Spanish, Russian, Swedish, German or Finnish, said F-Secure, and spreads itself by collecting e-mail addresses from the recipient’s address book. Zafi.B copies itself to the Windows System Directory when activated, and replicates itself as either “winamp 7.0 full_install.exe” or “Total Commander 7.0 full_install.exe” files in folders that contain “share” or “upload” in their names, according to F-Secure. Full Story