VIRUS ALERT
December 14, 2004
HIGH
Panda Virus Alert - Zafi.D Most Detected
Panda Software Reports Zafi.D is the Most Frequently Detected Virus By
Users of Activescan.
Orange Alert Remains as Virus Spreads Rapidly Across the Globe.
Three New Worms: Atak.H, Atak.I And Atak.J Appear Bearing Xmas Messages
- TruPrevent Technologies, the most intelligent technologies to combat
unknown viruses and intruders, have effectively blocked and eliminated
Zafi.D, without needing to be able to identify it first
Glendale, CA December 15, 2004 - According to data collected via Panda
Software’s free online antivirus tool ActiveScan, the Zafi.D worm, which
appeared just yesterday, is already the most frequently detected virus
around the globe, mainly in South America and Europe, where the most
affected countries are Italy, Spain, Bulgaria and Hungary.
This worm spreads in a file attached to email messages containing the text
"Happy holidays!" As we are in the run up to Christmas, users are sending
millions of greetings via email, which is helping Zafi.D to spread widely
and rapidly.
To prevent this worm from continuing to spread, especially through
computers that do not have adequate anti-malware protection installed,
Panda Software has released its free PQREMOVE utility, which detects and
eliminates Zafi.D from all the computers it may have infected. This tool
can be downloaded from: http://www.pandasoftware.com/download/utilities.
Zafi.D is a multi-lingual worm, as it can adapt the language of the message
to the domain of the email address it is being sent to, for example, a
German-speaking user will receive the message in German. This significantly
increases the capacity of this worm to spread.
“Zafi.D is a typical example of a worm that takes advantage of important
dates to spread as widely as possible. This has happened in the past, and
therefore, we were not surprised when it emerged. However, Zafi.D uses
social engineering effectively, above all in adapting the message to the
recipient’s language, who will not be surprised to receive Christmas
greetings from companies, family and friends which include an animation,”
explains Luis Corrons, head of PandaLabs.
What’s more, Zafi.D can be used to gain control of affected computers, as
it opens a backdoor on them through a communications port. This allows an
attacker to connect to the port and gain remote control of the affected
computer.
Three new worms with Christmas messages that try to trick users have also
just appeared. The three worms are Atak.H, Atak.I and Atak.J, and they reach
users in an email with the following characteristics:
- Subject: "Merry X-Mas!" and "Happy New Year!".
- Message text: "Happy New Year and wish you good luck on next year!",
"Mery Chrismas & Happy New Year! 2005 will be the beginning!"
- Zip file attachment called: pif, com, scr or bat.
Atak.H, Atak.I and Atak.J also copy themselves to the Windows System file
with the name DEC25.exe.
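
The Atak.H, Atak.I and Atak.J message characteristics listed above can be checked at a mail gateway or during mailbox triage. The following is an added example, not Panda Software's code: it assumes the attachment is a ZIP archive holding a file with one of the listed extensions (the alert's wording leaves this open), and the function names and sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the alert text above.
SUBJECTS = {"merry x-mas!", "happy new year!"}
RISKY_EXT = {"pif", "com", "scr", "bat"}


def ext(name):
    """Return the lower-cased final extension of a file name ('' if none)."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(raw):
    """Return the reasons a raw RFC 5322 message matches the alert's description."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ext(name) in RISKY_EXT:
            reasons.append("attachment:" + name)
        elif ext(name) == "zip":
            data = part.get_payload(decode=True) or b""
            try:
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                # A ZIP that cannot be listed cannot be cleared either.
                reasons.append("unreadable-zip:" + name)
                continue
            reasons += ["zip-member:" + m for m in members if ext(m) in RISKY_EXT]
    return reasons


def sample(subject, inner_name):
    """Build a constructed message whose ZIP holds one harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(inner_name, "constructed placeholder, not malware")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.test", "b@example.test"
    m.set_content("Happy New Year and wish you good luck on next year!")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="card.zip")
    return m.as_bytes()
```

Only the final extension is compared, so a double-extension name such as `card.jpg.scr` inside the archive is still flagged.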
Given that we are in the Christmas season, many users may open these files
thinking that they are festive greetings. The appearance of these three
variants coincides with the massive spread of Zafi.D which is now the
malicious code that is most frequently detected by Panda ActiveScan.
Due to the high possibility of being, Panda Software advises users to take
precautions with any email messages they receive and to update their
antivirus software. Panda Software has made the corresponding updates
available to its clients to detect and disinfect this new malicious code.
Panda Software clients who already have the new TruPrevent Technologies
installed have been protected since the worm first emerged, as these
preventive technologies have been able to detect and block Zafi.D without
needing to be able to identify it first (more information about the new
TruPrevent Technologies at
http://www.pandasoftware.com/truprevent).
Users can scan their computers online for free with Panda ActiveScan,
available at
http://www.pandasoftware.com/
For further information about Zafi.D, visit Panda Software's Virus
Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=56161
About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get
straight down to work. The file is analyzed and depending on the type, the
action taken may include: disassembly, macro scanning, code analysis etc.
If the file does in fact contain a new virus, the disinfection and
detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/
For more information:
Alan Wallace
[email protected]
Original source: panda-us-virusalert-2004-12-15-zafi.dandnewvariants.doc

