December 16, 2004 11:21 AM PST
Zafi worm proves a holiday pest
Sophos said the worm is responsible for 72 percent of virus reports in the last 24 hours.
"It's generating a lot of e-mail," said Graham Cluley, senior technology consultant at Sophos. "It's a bit quieter today than yesterday, when it was one in 10 e-mails. This is curious, because it's sending a lot of e-mail, but not necessarily everyone is receiving it."
Antivirus companies warned on Tuesday that the seasonal worm, which travels as an e-mail attachment, opens a back door that allows hackers to take remote control of infected PCs.
Cluley said that once the worm has penetrated a contacts book to send itself to the e-mail addresses stored there, it creates a large number of made-up e-mail addresses using existing domain names--for example, firstname.lastname@example.org. Many of these e-mail addresses are reaching gateway servers, but not going any further, Cluley said.
"E-mail gateways will receive the message, but may not be able to send on that e-mail traffic. That means it doesn't get to everyone, but we still think it's a very aggressive virus. I think it will begin to disappear, but saying that, past Zafis have continued to lurk around for a while," Cluley said.
Russian antivirus company Kaspersky Labs said that most of Zafi's activity has been detected in Hungary. It said that the word Zafi comes from Hungarian word "hazafi," which means "patriot."
The worm, which was discovered on Tuesday, uses a variety of languages to spread, including English, French, Spanish and Hungarian.
Dan Ilett of ZDNet UK reported from London.