New Zafi variant goes for Google

The latest variant of the Zafi worm was discovered on Wednesday and unlike the previous two variants, Zafi.C has been coded to launch a distributed denial-of-service (DDoS) attack against Google.com, Microsoft.com and miniszterelnok.hu, which is the Web site of the Hungarian Prime Minister.

The Zafi worm has evolved since it was first discovered in April of this year. Zafi.A contained Hungarian text and only tried to send itself to email addresses inside Hungary. Also, it did not contain a destructive payload. Two months later Zafi.B was released and this time the worm was able to terminate antivirus and firewall applications and 'speak' in numerous languages, including English, Spanish, Russian and Swedish.

Mikko Hypponen, director of antivirus Research at F-Secure, said that if Zafi.C is worse than Zafi.B there could be trouble because the second variant has been in the company's top 20 virus list since it was released.

"Zafi.C might be bigger news as the previous variant of this Hungarian virus, Zafi.B, has been in our Top 20 for the past four months. However, so far we've received few reports of this virus."

Once active, Zafi.C scans the infected computer's Windows Address Book and hard drive for email addresses. It spreads by composing emails using a "complex set of rules" and sending them out with its built-in SMTP engine.