martymas Posted December 14, 2004 Report Share Posted December 14, 2004 yow team here is a light warning from trend microDear Trend Micro customer,As of December 14, 2004 8:13 AM PST, TrendLabs has declared a Medium RiskVirus Alert to control the spread of WORM_ZAFI.D. TrendLabs hasreceived several infection reports indicating that this malware is spreading inGermany, France and Spain.The following is a brief overview of the worm process:This worm spreads via email or peer-to-peer (P2P) file-sharingnetworks. Here is a sample of the email:Subject: Re: Merry Chrsitmas! Message body: Happy Hollydays! Pamela M. Attachment: postcard.index.php1111.pif Note that the language of the email may change depending on the domain ofthe recipients.TrendLabs will be releasing the following EPS deliverables: TMCM Outbreak Prevention Policy 137 Official Pattern Release 2.297.00 Damage Cleanup Template 467For more information on WORM_ZAFI.D, you can visit our Web site at:http://www.trendmicro.com/vinfo/virusencyc...ame=WORM_ZAFI.DYou can modify subscription settings for Trend Micro newsletters at:http://www.trendmicro.com/subscriptions/default.asp----------------------------------------------o0o----IMPORTANT NOTE!TrendLabs will also be releasing a 3-digit pattern file 986 thatcorresponds with the pattern indicated in this email. This 3-digit pattern is aspecial release for users running non-NPF compliant products (i.e., old3-digit pattern format) and is designed to provide protection against themost current malware threats. Users running non-NPF compliant products arestill urged to apply the NPF solution <http://www.trendmicro.com/en/support/npf/overview.htm>. These users may also upgrade to the latestproduct version. Only NPF-compliant products will be able to update withregular pattern releases.______________________________________________________________________This message was sent by Trend Micro's Newsletters Editor using ResponsysInteract .To unsubscribe from Trend Micro's Newsletters Editor: http://trendnewsletter.rsc03.net/servlet/o...RFpgLmDgLmDgSE0To update your subscription preference, or to change your email address:http://trendnewsletter.rsc03.net/servlet/w...67.40b_.2e_z18zTo view our permission marketing policy: http://www.rsvp0.netCopyright 1989-2004 Trend Micro, Inc. All rights reservedTrend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA95014 Quote Link to post Share on other sites
tg1911 Posted December 14, 2004 Report Share Posted December 14, 2004 Thanks for the heads-up, marty. Quote Link to post Share on other sites
thesidekickcat Posted December 16, 2004 Report Share Posted December 16, 2004 Thanks for the warning.This mass mailing worm does sound like a big problem. It will attempt to lower your security settings, terminate processes, and open a back door on your compromised computer. Ugh!!! There was a Norton antivirus update again today, which made me curious, so I checked out their security site and found their info on this bad dude. They rate it a 3 risk on a scale of 1-5. And they have a removal tool for it.Symantec Security ResponseIt is the top one listed today, under the name of W32.Erkez,D@mm. Click on it or any other one on the list for more info including removal instructions and tools.God bless everyone. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.