New worm terminates antivirus apps: F-Secure

The variant, called Zafi.B, is spread through e-mail attachments in PIF., EXE. or Com attachments, and according to F-Secure, the worm "terminates all applications that have 'firewall' or 'virus' in their file-name".

The worm is capable of transmitting in several languages, including English, Italian, Spanish, Russian, Swedish, German or Finnish, said F-Secure, and spreads itself by collecting e-mail addresses from the recipient's address book.

Zafi.B copies itself to the Windows System Directory when activated, and replicates itself as either "winamp 7.0 full_install.exe" or "Total Commander 7.0 full_install.exe" files in folders that contain "share" or "upload" in their names, according to F-Secure.

Manager for F-Secure, Mikael Albrecht, says the worm is particularly complicated as it has the capacity to penetrate firewalls and antivirus applications in order to "help itself spread further".

"Another interesting thing about this worm is that the infected messages come in many different languages. As most of the widely spread worms use only English, this feature may confuse the user to open the message - and the worm spreads on", he said.

However, Internet security corporation, Symantec, have listed the virus as having an "easy" threat containment rating and a "low" geographical distribution area.

A Symantec spokesman maintained that the worm is still "nothing significant".

"The worm tries to disable the security processes on the machine to make it more vulnerable to other attacks," said the spokesman.

He said that users who notice unusual messages regarding system vulnerability may be infected and should scan their computers to guard against further infection.