The Web    www.100share.com    Google
 
6/11: W32/Zafi-B Sets Registry Entry
 

6/11: W32/Zafi-B Sets Registry Entry
June 11, 2004

W32/Zafi-B is a peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file and set the following registry entry to ensure that it will be run on system restart.

The following registry branch will also be created: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\_Hazafibb = \ The following registry branch will also be created: HKLM\Software\Microsoft\_Hazafibb\ This registry branch will have value names consisting of two alphanumeric characters. This worm will test for the presence of an Internet connection by attempting to connect to www.google.com or www.microsoft.com. W32/Zafi-B collects email addresses from files which have the following extensions: HTM, WAB, TXT, DBX, TBB, ASP, PHP, SHT, ADB, MBX, EML and PMR. More information is at Sophos page.

 
  • Symantec Offers Enhanced Portal for Enterprises
  • 4/12: Mytob-AS Worm Uses SMTP Engine
  • 1/10: VBS/Mcon-G Worm Spreads Via IRC
  • 8/20: Rbot-GR Has Trojan Abilities
  • Virus-Powered Phishing Unleashed
  • Windows Server 2003: Hardware-Based Security
  • Senate Debating Data Privacy Changes
  • 2/15: Randex-COX a Network-Aware Worm
  • 8/20: Rbot-GS Exploits Vulnerabilities
  • Sun, Partners Develop Security Appliances
  • 2/8: Wallz Worm Exploits LSAS Flaw
  • Security Camera Companies and products

    		•