A new worm variant that can terminate antivirus applications was discovered last Friday, prompting Internet security vendor F-Secure to issue a level two warning. The variant, called Zafi.B, is spread through e-mail attachments in PIF, EXE or Com attachments, and according to F-Secure, the worm “terminates all applications that have ‘firewall’ or ‘virus’ in their file-name”. The worm is capable of transmitting in several languages, including English, Italian, Spanish, Russian, Swedish, German or Finnish, said F-Secure, and spreads itself by collecting e-mail addresses from the recipient’s address book. Zafi.B copies itself to the Windows System Directory when activated, and replicates itself as either “winamp 7.0 full_install.exe” or “Total Commander 7.0 full_install.exe” files in folders that contain “share” or “upload” in their names, according to F-Secure. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.