Warning: Holidays email worm

E-mail 'worm' spreads holiday jeers

Program disguised as holiday greeting poses 'medium' threat

By Alex Walker, CNN

(CNN) -- Grinch-like virus writers are spreading their version of holiday cheer by embedding a variant of the so-called "Zafi" e-mail worm inside electronic greetings.

E-mails with the misspelled attachment "Happy Hollydays" arrived in inboxes Tuesday, with the subject line "Merry Christmas." A worm is hiding inside the attachment.

It propagates itself via e-mail contact lists when the attached file is opened and could render infected computers more vulnerable to spammers or hackers.

The worm spread overnight across 18 European countries, including Great Britain, France, Germany and Italy, but was not expected to make waves in the United States. The Europe-U.S. time difference gave antivirus companies stateside some breathing room.

"Zafi hit the European countries hard and fast this morning at 4 a.m. their time," said Patrick Hinojosa, CTO of the security software company Panda Software, "People open e-mail mainly at work though, so companies here in the U.S. would have already updated their virus protection by the time Americans were waking up."

Hinojosa said as soon as a virus is detected, security software companies scramble to reverse-engineer the code, create a detection file, and then send updated virus definitions out to clients. Most large corporations download the latest virus definitions in the wee hours, before employees arrive.

The first version of Zafi was detected last April. This is the fourth variant. The latest one, however, has a clever twist: It translates "Merry Christmas" into various languages as determined by the domain name. The worm knows that a .fr domain would probably be a French recipient, whereas a .de person would most likely speak German. An embedded translation program matches the domain name with the appropriate holiday greeting, thus increasing the likelihood of the recipient opening the mail.

"We call it social engineering," said Joe Hartmann, a director of North American Research at the antivirus company Trend Micro. "Are you going to open a message with Swedish text in it if you don't speak Swedish? Probably not. But you might if it were in your own language."

Hartmann said that this latest worm does not stack up to the big worms this year, such as Bagle, MyDoom and Netsky, which each had millions in distribution worldwide. Hartmann said Zafi has "only in the thousands, globally."

So far antivirus companies are issuing "medium" threat warnings, and will continue to monitor the worm's spread.

Not being very computer literate, I assume this means that as long as you delete it without reading it, it can't harm your computer. Is this correct or can it damage anything just by being there?

If you receive an email entitled "Crazy Times" delete it

immediately. Do not open it! Apparently this one is pretty


It will not only erase everything on your hard drive, but it

will also delete anything on disks within 20 feet of your


It demagnetizes the stripes on ALL of your credit cards.

It reprograms your ATM access code, messes up the tracking

on your VCR and uses subspace field harmonics to scratch any

CD's you attempt to play.

It will re-calibrate your refrigerator's coolness settings

so all your ice cream melts and your milk curdles.

It will program your phone autodial to call only your

mother-in-law's number.

This virus will mix antifreeze into your fish tank.

It will drink all your beer.

It will leave dirty socks on the coffee table when you are

expecting company.

Its radioactive emissions will cause your toe jam and

bellybutton fuzz (be honest, you have some) to migrate

behind your ears.

It will replace your shampoo with Nair and your Nair with

Rogaine, all while dating your current boy/girlfriend behind

your back and billing their hotel rendezvous to your Visa


It will cause you to run with scissors and throw things in a

way that is only fun until someone loses an eye.

It will give you Dutch Elm Disease and Tinea.

It will rewrite your backup files, changing all your active

verbs to passive tense and incorporating undetectable

misspellings which grossly change the interpretations of key


If the "Crazy Times" message is opened in a Windows

environment, it will leave the toilet seat up and leave your

hair dryer plugged in dangerously close to a full bathtub.

It will not only remove the tags from your mattresses and

pillows, but it will also refill your skimmed milk with

whole milk.

It will replace all your luncheon meat with Spam.

It will molecularly rearrange your cologne or perfume,

causing it to smell like dill pickles.(Remember Brut 33 ?)

It is insidious and subtle.

It is dangerous and terrifying to behold.

It is also a rather interesting shade of mauve.

alt text

