The Web    Google
6/11: W32/Zafi-B Sets Registry Entry

6/11: W32/Zafi-B Sets Registry Entry
June 11, 2004

W32/Zafi-B is a peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file and set the following registry entry to ensure that it will be run on system restart.

The following registry branch will also be created: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\_Hazafibb = \ The following registry branch will also be created: HKLM\Software\Microsoft\_Hazafibb\ This registry branch will have value names consisting of two alphanumeric characters. This worm will test for the presence of an Internet connection by attempting to connect to or W32/Zafi-B collects email addresses from files which have the following extensions: HTM, WAB, TXT, DBX, TBB, ASP, PHP, SHT, ADB, MBX, EML and PMR. More information is at Sophos page.

  • Symantec Offers Enhanced Portal for Enterprises
  • 4/12: Mytob-AS Worm Uses SMTP Engine
  • 1/10: VBS/Mcon-G Worm Spreads Via IRC
  • 8/20: Rbot-GR Has Trojan Abilities
  • Virus-Powered Phishing Unleashed
  • Windows Server 2003: Hardware-Based Security
  • Senate Debating Data Privacy Changes
  • 2/15: Randex-COX a Network-Aware Worm
  • 8/20: Rbot-GS Exploits Vulnerabilities
  • Sun, Partners Develop Security Appliances
  • 2/8: Wallz Worm Exploits LSAS Flaw
  • Security Camera Companies and products