Author of Zafi-B Worm Trailed to Hungary

December 13, 2004

The author of the fourth most widespread bug on the Internet has been trailed to Hungary, but no arrests have been made at this point.

Steve Sundermeier, a vice president at Central Command, Inc., an anti-virus and anti-spam company based in Medina, Ohio, says the search for the author has led authorities to Hungary. It would seem to be a clear trail since Zafi-B now launches denial-of-service attacks on several Hungarian Web sites, including the Hungarian Parliament and the Web site of a governmental minister.

The worm also is known for its politically-based social engineering trick. Zafi-B entices people to open it up by making a call for the death penalty.

The Zafi-B worm, which was released into the wild on June 11, has moved into the fourth-place spot on Central Command's list of Most Dangerous Threats. It spreads through peer-to-peer file-sharing systems and through email, using a wide variety of languages.

The Zafi-B worm can send itself via email using a variety of languages. Its predecessor, W32/Zafi-A, displayed a message calling for Hungarian patriotism, according to analysts at Sophos, Inc., an anti-virus company based in Lynnfield, Mass. This variant focuses on the death penalty.

The Zafi-B worm displays a message box containing the following message in Hungarian: "We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime."

"What's interesting is that this year we've had several different viruses that have had very good success spreading in Eastern Europe," says Ken Dunham, director of malicious code at iDefense, Inc., a security and anti-virus company. "It's like a country-specific outbreak."

Central Command reports that Zafi-B accounts for 5.78 percent of all viruses in the wild.
