When Santa makes his list of who's naughty or nice, he just might be checking off whomever is responsible for a Zafi worm variant that's snaking around the Internet in the disguise of a harmless e-Christmas card.
Known as Zafi.D, the worm comes attached to email Christmas cards with a twist: each one uses a Christmas greeting in the language of the intended recipient as determined by country code, according to F-Secure antivirus research chief Mikko Hyppoenen.
Otherwise, Zafi.D is a "traditional" worm: infecting computers by email and sending itself by using email lists on contaminated machines. But it also opens a backdoor on infected machines that lets outsiders use those machines as spam zombies or launch attacks against Web sites.
"We think this worm will be big," Hyppoenen told reporters of Zafi.D, "because of its timing and the fact that it comes in 15 different European languages." He noted earlier Zafi variants were highly dangerous – Zafi.B is still rated among the top ten most virulent worms months after it premiered.
But Hyppoenen also said this may be the first Zafi disguised as a Christmas greeting but the technique itself isn't exactly new. "We have seen these hoaxes for several Christmases already," he said, "and personally I prefer traditional pen and paper cards, and we recommend this to all our clients too."
