W32/Zafi.b@MM is a Medium Risk mass-mailing worm that
spreads via email and peer-to-peer applications.
When spreading via email, the worm will both spoof the
sender's From address and send itself out in different
languages depending on the top level domain of the
recipient's email address. For example, if the address ends
in .COM, the virus's email body will appear in English. If
the address ends in .DE, the email will appear in German.
The worm also attempts to cripple anti-virus and firewall
software installed on a user's system by locating and
overwriting a user's security software with copies of itself.
Furthermore, the worm will attempt to thwart manual detection
by terminating key Windows processes.
------------------------------------------------------------
WHAT TO LOOK FOR:
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Varies. Examples:
- You've got 1 VoiceMessage!
- Don't worry, be happy!
- Check this out kid!!!
BODY: Varies.
Online Scan for W32/Zafi.b@MM:
==>
http://us.mcafee.com/root/campaign.asp?cid=10564