The Computer Guys

Miami to Fort Lauderdale Since 1994 - Thank You!

 

 

We Build the Best & Repair the Rest! ©

 

Alerts Top10 June 2004

FAQ Search Virus Alerts Hardware Faqs

 

 

Computer Repair
PC Maintenance
Disaster Recovery
SpyWare Removal
Company Profile
Disclaimer
Contact Information
Home Users

 

 

March 2004 August 2004 November 2004 October 2004 April 2004 July 2004 Virus Alert Calendars May 2004 September 2004 June 2004 January 2004 February 2004 Alerts 2003 Alerts Jan 2004 Alerts Feb 2004 Alerts March 2004 Alerts April 2004 Alerts Top 10 May 2004 Alerts Top10 June 2004 Alerts Top 10 July 2004 Alerts August 2004 Alerts September 2004 Alerts Oct 2004 Alerts November 2004 Alerts December 2004

 

 

 

 

Top 10 malware reported to Sophos in June 2004

Position Last
month		 Malware Percentage of reports
1 New W32/Zafi-B
   30.4%
2 2 W32/Netsky-P
   9.9%
3 1 W32/Sasser
   6.8%
4 4 W32/Netsky-D
   3.1%
5 5 W32/Netsky-Z
   2.1%
6 3 W32/Netsky-B
   1.6%
7 9 W32/Bagle-AA
   1.2%
8 6 W32/Netsky-Q
   0.8%
9 8 W32/Sober-G
   0.7%
10 7 W32/Netsky-C
   0.5%
Others 42.9%

 

 

W32/Zafi-B is a peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file.

This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com.

W32/Zafi-B collects email addresses from files which have the following extensions:

HTM, WAB, TXT, DBX, TBB, ASP, PHP, SHT, ADB, MBX, EML and PMR.

The worm stores the collected email addresses in randomly named files with a
DLL extension in the Windows system folder.

W32/Zafi-B attempts to include itself as an attachment in email messages sent to addresses collected from the local machine. The worm will also copy itself into shared P2P folders as either 'WINAMP 7.0 FULL_INSTALL.EXE' or
'TOTAL COMMANDER 7.0 FULL_INSTALL.EXE'.

W32/Zafi-B may display a message box on screen containing the following Hungarian text:

A hajlektalanok elhelyezeset, a bunteto torvenyek szigoritasat, es a HALALBUNTETES MEGSZAVAZASAT koveteljuk a kormanytol, a novekvo bunozes ellen! 2004, jun, Pecs,(SNAF Team).

The English translation is:

We demand that the government accomodates the homeless,
tightens up the penal code and VOTES FOR THE DEATH PENALTY
to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)

Below are examples of the emails sent by W32/Zafi-B.

Subject: Ingyen SMS!
Message:
------------------------ hirdet=E9s -----------------------------
A sikeres 777sms.hu =E9s az axelero.hu t=E1mogat=E1s=E1val =FAjra
indul az ingyenes sms k=FCld=F5 szolg=E1ltat=E1s! Jelenleg ugyan
korl=E1tozott sz=E1mban, napi 20 ingyen smst lehet felhaszn=E1lni.
K=FCldj te is SMST! Neh=E1ny kattint=E1s =E9s a mell=E9kelt regisztr=E1ci=F3s lap kit=F6lt=E9se ut=E1n azonnal ig=E9nybevehet=F5! B=F5vebb inform=E1ci=F3t a www.777sms.hu oldalon tal=E1lsz, de siess,
mert az els=F5 ezer felhaszn=E1l=F3 k=F6z=F6tt =E9rt=E9kes nyerem=E9nyeket sorsolunk ki!
------------------------ axelero.hu ---------------------------

Subject: Importante!
Message: Informacion importante que debes conocer, -

Subject: E-Kort!
Message: Mit hjerte banker for dig!

Subject: Ecard!
Message: De cand te-am cunoscut inima mea are un nou ritm!

Subject: E-vykort!
Message: Till min Alskade...

Subject: E-Postkort!
Message: Vakre roser jeg sammenligner med deg...

Subject: E-postikorti!
Message: Iloista kesaa!

Subject: Atviruka!
Message: Linksmo gimtadieno!

Subject: E-Kartki!
Message: W Dniu imienin...

Subject: Cartoe Virtuais!
Message: Te amo...

Subject: Flashcard fuer Dich!
Message: Hallo!
hat dir eine elektronische Flashcard geschickt.
Um die Flashcard ansehen zu koennen, benutze in deinem Browser
einfach den nun folgenden link:
http://flashcard.de/interaktiv/viewcards/view.php3?card=267BSwr34
Viel Spass beim Lesen wuenscht Ihnen ihr...

Subject: Er staat een eCard voor u klaar!
Message: Hallo!
heeft u een eCard gestuurd via de website nederlandse
taal in het basisonderwijs...
U kunt de kaart ophalen door de volgende url aan te klikken of te
kopiren in uw browser link:
http://postkaarten.nl/viewcard.show53.index=04abD1
Met vriendelijke groet,
De redactie taalsite primair onderwijs...
Hanka

Subject: Elektronicka pohlednice!
Message: Ahoj!
Elektronick pohlednice ze serveru http://www.seznam.cz

Subject: E-carte!
Message: vous a envoye une E-carte partir du site zdnet.fr
Vous la trouverez, l'adresse suivante link:
http://zdnet.fr/showcard.index.php34bs42
www.zdnet.fr, plus de 3500 cartes virtuelles, vos pages web
en 5 minutes, du dialogue en direct...

Subject: Ti e stata inviata una Cartolina Virtuale!
Message: Ciao!
ha visitato il nostro sito, cartolina.it e ha creato una
cartolina virtuale per te! Per vederla devi fare click
sul link sottostante: http://cartolina.it/asp.viewcard=index4g345a
Attenzione, la cartolina sara visibile sui nostri server per
2 giorni e poi verra rimossa automaticamente.

Subject: You`ve got 1 VoiceMessage!
Message: Dear Customer!
You`ve got 1 VoiceMessage from voicemessage.com website!
Sender:
You can listen your Virtual VoiceMessage at the following link:
http://virt.voicemessage.com/index.listen.php2=35affv
or by clicking the attached link.
Send VoiceMessage! Try our new virtual VoiceMessage Empire!
Best regards: SNAF.Team (R).

Subject: Tessek mosolyogni!!!
Message: Ha ez a k=E9p sem tud felviditani, akkor feladom!
Sok puszi:

Subject: Soxor Csok!
Szia!
Aranyos vagy, j=F3 volt dumcsizni veled a neten!
Rem=E9lem tetszem, =E9s szeretn=E9m ha te is k=FClden=E9l k=E9pet
magadr=F3l, addig is cs=F3k:

Subject: Don`t worry, be happy!
Message: Hi Honey!
I`m in hurry, but i still love ya...
(as you can see on the picture)
Bye - Bye:

Subject: Check this out kid!!!
Message: Send me back bro, when you`ll be done...(if you know what i mean...)
See ya,
 
This web is optimized for 800 x 600 monitor resolution or above and the latest web browser.  Get the latest IE or Netscape web browser. (you need to connect to the internet first)

 

 

Copyright © 1998 The Computer Guys

 Back Home Up Next