Worm attacks Google, Microsoft and the Hungarian Prime Minister

Summary: The latest variant of the Zafi worm was discovered on Wednesday and unlike the previous two variants, Zafi.C has been coded to launch a DDoS attack against Google.

The latest variant of the Zafi worm was discovered on Wednesday and unlike the previous two variants, Zafi.C has been coded to launch a DDoS attack against Google.com, Microsoft.com and miniszterelnok.hu, which is the Web site of the Hungarian Prime Minister.

The Zafi worm has evolved since it was first discovered in April of this year. Zafi.A contained Hungarian text and only tried to send itself to e-mail addresses inside Hungary. Also, it did not contain a destructive payload. Two months later Zafi.B was released and this time the worm was able to terminate antivirus and firewall applications and 'speak' in numerous languages, including English, Spanish, Russian and Swedish.

Mikko Hyppönen, director of antivirus research at F-Secure, said that if Zafi.C is worse than Zafi.B there could be trouble, because the second variant has been in the company's top 20 virus list since it was released.

"Zafi.C might be bigger news as the previous variant of this Hungarian virus, Zafi.B, has been in our Top 20 for the past four months. However, so far we've received few reports of this virus".

Once active, Zafi.C scans the infected computer's Windows Address Book and hard drive for e-mail addresses. It spreads by composing e-mails using a "complex set of rules" and sending them out with its built-in SMTP engine.

Paul Ducklin, head of technology at Sophos, Asia Pacific, told ZDNet Australia that the new variants are yet to have any effect on Australian users.

"The good news for Australia is that we haven't had any reports of any infections, so these viruses rate at the bottom of the prevalence scale. It's important to remember that around 1000 new viruses turn up every month -- approximately one every 45 minutes," said Ducklin.

Wednesday was a busy day for antivirus companies because apart from dealing with the new Zafi worm they also found a new version of MyDoom and another variant of the Agobot worm, which uses an Internet Relay Chat (IRC) server to give hackers remote access to infected systems.

Ducklin said the latest Agobot is the 359th variant.

Topics: Google, Government, Security

Munir Kotadia


Talkback

1 comment
  • Back in April, I realized the sophistication of virus writers had matched the industry. They were simply logically testing, within one national domain boundary - yes, without a payload, actually to successfully lower the apparent threat. I expect they do understand the difference between marketing and real information, from Security Companies very well, since they are the subject of conversation.

    Virus Writers One, Anti-Virus Companies Zero.

    Why is anyone surprised that virus writers might test first, and that the next phase of testing has begun? Please respond.
    rogerclose