Wednesday, June 16, 2004

New virus warning - Zafi.B - Panda Labs Alert

- Panda Software warns of the propagation of Zafi.B -
Virus Alerts, by Panda Software (

Madrid, June 14 2004 - According to data from PandaLabs, the Zafi.B worm
-first detected last weekend- is now spreading widely around the world.
Although the number of incidents caused by this malicious code is not
alarming, the extent to which it has spread geographically has increased the
risk of computers being infected by Zafi.B.

Zafi.B spreads, using its own SMTP engine, via e-mail to addresses that it
finds in infected computers in files with the following extensions: htm,
wab, txt, dbx, tbb, asp, php, sht, adb, mbx, eml and pmr.

Messages carrying Zafi.B have variable characteristics and can be written in
various languages including: English, French, Spanish, German or Italian.
For more details on the e-mails carrying Zafi.B, go to Panda Software's
Virus Encyclopedia at:

If users run the file attached to the message an Internet Explorer window
opens and tries to connect to or It also
enters several keys in the Window Registry.

Zafi.B copies itself to the infected computer in two files with random
names. It also creates infected files called "Total Commander 7.0
full_install.exe" or "winamp 7.0 full_install.exe"- in directories with
names including the words "share" or "upload".

The worm continually searches for memory process with the strings "regedit",
"task" or "msconfig" and on finding them it terminates them. It also looks
for directories that could contain antivirus programs in order to overwrite
all executable files with its own code.

To prevent incidents involving Zafi.B, Panda Software advises users to take
precautions and update their antivirus software. Panda Software has made the
corresponding updates available to its clients to detect and disinfect this
new malicious code.

For further information about Zafi.B and other computer threats, visit Panda
Software's Virus Encyclopedia at:

In addition, users can scan their computers online for free with the
ActiveScan solution, available on the company's web page at:

Links to this post:

Create a Link

<< Home