Virus variant targets Google

Mikko Hypponen, director of antivirus Research at F-Secure, said that if the new version, Zafi.C, is worse than Zafi.B, there could be trouble. But he was noncommittal about whether Zafi.C is much to worry about at this point.

"Zafi.C might be bigger news, as the previous variant of this Hungarian virus, Zafi.B, has been in our top 20 for the past four months," he said. "However, so far we've received few reports of this virus."

Once active, Zafi.C scans the infected computer's Windows Address Book and hard drive for e-mail addresses. It spreads by composing emails using a complex set of rules and sending them out with its built-in SMTP engine.

The first variant of the Zafi worm was discovered in April of this year, and it has evolved a great deal since then. Zafi.A tried only to send itself to e-mail addresses inside Hungary. It did not contain a destructive payload.

Two months later, Zafi.B was released, and this variant was able to terminate antivirus and firewall applications and "speak" in numerous languages, including English, Russian, Spanish and Swedish.

Paul Ducklin, head of technology at Asia-Pacific for Sophos, told ZDNet Australia that the new variants are yet to have any effect on Australian users.

"The good news for Australia is that we haven't had any reports of any infections, so these viruses rate at the bottom of the prevalence scale. It's important to remember that around 1,000 new viruses turn up every month--approximately one every 45 minutes," Ducklin said.

Wednesday was a busy day for antivirus companies. Apart from dealing with the new Zafi worm, they also found a new version of MyDoom and another variant of the Agobot worm, which uses an Internet Relay Chat server to give hackers remote access to infected systems.

Ducklin said the latest Agobot is the 359th variant.

Munir Kotadia of ZDNet Australia reported from Sydney.