This is a mass-mailing worm that constructs messages using its own SMTP engine, spoofing the From: address. It also attempts to propagate via P2P, via copying itself to folders on the local system (containing "share" or "upload" in the folder name).
While the original Zafi.A uses only Hungarian, the new Zafi.B spreads in email in English, Italian, Spanish, Russian, Swedish etc. Installation
When executed, the worm copies itself twice to the %windir%\system32 folder using a random name and .EXE and .DLL extension.Example:
For McAfee the minimum DAT file: 4366, which will be released on: 06/16/2004. However, detection and removal is included in their DAILY DAT (beta) files, which can be downloaded from their DAT File Updates
website.Other links: CA: Win32.Zafi.BSophos: W32/Zafi-BF-Secure: Zafi.BSymantec: W32.Erkez.B@mmTrendMicro: PE_ZAFI.B