W32/Zafi.b@MM is a Medium Risk mass-mailing worm that spreads via email and peer-to-peer applications. When spreading via email, the worm will both spoof the sender's From address and send itself out in different languages depending on the top level domain of the recipient's email address. For example, if the address ends in .COM, the virus's email body will appear in English. If the address ends in .DE, the email will appear in German. The worm also attempts to cripple anti-virus and firewall software installed on a user's system by locating and overwriting a user's security software with copies of itself. Furthermore, the worm will attempt to thwart manual detection by terminating key Windows processes. Up-to-date McAfee VirusScan users with DAT 4366 are protected from this threat. Learn More about W32/Zafi.b@MM
Scan for W32/Zafi.b@MM

WHAT TO LOOK FOR:

FROM: Varies (forged addresses taken from infected system). SUBJECT: Varies. Examples: You've got 1 VoiceMessage! Don't worry, be happy! Check this out kid!!! BODY: Varies. Hi Honey! I'm in hurry, but i still love ya... (as you can see on the picture) Bye - Bye: Send me back bro, when you'll be done...(if you know what i mean...) See ya, ATTACHMENT: Varies. The worm will be attached with a .pif file extension.