Zaffi gives IT managers an advent headache
Small businesses gearing up for the Christmas slowdown are being urged not to loosen their grip on IT security because a new computer virus is making the festive rounds.
Security experts warn the two-day old 'Zafi-D' greets the user as an apparent e-card, claiming simply to wish the recipient a 'Happy Hollyday' or a 'Merry Christmas.'
On opening the season's greetings, the worm file launches an error message ("CRC: 04F6Bh Error in packed file!") in an attempt to fool the user, it was a program that has failed to work.
It then leaves the system open for hacker attack, while it causes chaos by mass mailing itself to listed contacts in the on-screen address book.
Although the virus is considered mischievous and not malign, it has prompted one internet security firm to make a direct appeal to IT managers.
"It's sad that virus writers are exploiting the festive season in this way," said Mark Herbert, CEO at intY.
"Even if Zaffi is mischievous rather than malign, this kind of attack wastes the precious time of IT managers so it pays to not drop your guard."
Computer security firm Sophos said a more relaxed department because of Christmas celebrations made Zaffi an even bigger threat.
"Having a business environment where it's seen to be acceptable to send and receive joke programs, screensavers, and electronic greetings cards increases the risk of virus infection at any time," said Graham Cluley, technology consultant at Sophos.
"[This] can prove particularly risky during the holiday season," he said.
"When your computer data is at risk it may be wiser to avoid electronic well-wishing, and use paper and ink instead."
E-mail security firm, Message Labs, reports the virus also affects Windows tools, like Task Manager and Registry Editor, which may be disabled.
The Zafa Worm, thought to be of Hungarian origin, also has a remote access component that waits for inbound connections on TCP port 8181. Remote users can then upload or execute files via this backdoor.
Meanwhile it is estimated that cyber crime costs European firms £14.7billion to clean and recover from, while a virus outbreak costs an average of £5,000 to resolve.
In keeping with its victims, Zafi-D comes into a user's inbox in a variety of different languages, including English, French, Spanish and Hungarian.