6/11: W32/Zafi-B Sets Registry Entry
June 11, 2004
W32/Zafi-B is a peer-to-peer (P2P) and email worm that copies itself to the Windows system folder as a randomly named EXE file and sets the following registry entry to ensure that it runs on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\_Hazafibb = \

The following registry branch will also be created:

HKLM\Software\Microsoft\_Hazafibb\

This registry branch will have value names consisting of two alphanumeric characters.

The worm tests for the presence of an Internet connection by attempting to connect to www.google.com or www.microsoft.com.

W32/Zafi-B collects email addresses from files which have the following extensions: HTM, WAB, TXT, DBX, TBB, ASP, PHP, SHT, ADB, MBX, EML and PMR.

More information is available on the Sophos page.
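
The registry traces described above can be checked offline against a text registry export. The following is an added example, not part of the original alert or of any vendor tool; it assumes the input is the text of a .reg export already decoded to a string, and the sample export, its EXE path and its value data are constructed.

```python
import re

# Indicators taken from the advisory (compared case-insensitively).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WORM_KEY = r"hkey_local_machine\software\microsoft\_hazafibb"
RUN_VALUE = "_hazafibb"
TWO_ALNUM = re.compile(r"[A-Za-z0-9]{2}")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, data) per value; (key, None, None) per key header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1), m.group(2)

def find_zafi_b(text):
    """Return (kind, key, name, data) tuples for each Zafi-B registry trace."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k == WORM_KEY and name is None:
            findings.append(("worm-branch", key, None, None))
        elif k == WORM_KEY and TWO_ALNUM.fullmatch(name):
            findings.append(("worm-branch-value", key, name, data))
        elif k == RUN_KEY and name is not None and name.lower() == RUN_VALUE:
            findings.append(("run-entry", key, name, data))
    return findings

# Constructed sample export; the EXE path and value data are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"_Hazafibb"="C:\\WINDOWS\\System32\\qzxkrmtp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\_Hazafibb]
"a1"="constructed"
"Zz"=dword:00000001
"note"="not two characters, ignored"
'''

if __name__ == "__main__":
    for finding in find_zafi_b(SAMPLE):
        print(finding)
```

The data of a run-entry finding is the path of the randomly named EXE copy in the Windows system folder, which is the file to collect and remove.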