If you open an infected attachment it will start on your computer and try to infect others. It is possible to get the nastie by other means like a Shared Folder or peer-to-peer networking but email is the most common method of infection.
This email worm sends itself from an infected computer to email addresses it finds on that computer. These email addresses are found not only in address books but in Internet cached pages as well. It runs on Windows operating systems only and does NOT need Outlook to run.
All messages in the body end with a Smiley face, followed by the (forged) sender?s name.
Running the attachment of these Christmas cards will cause the worm to run and infect your computer. The worm can have the following extension names: .bat .cmd .com .pif or .zip
Do I have it?
If you think you might be infected then make sure your anti-virus software is up to date then do a full scan of your computer. Don't panic -- most of the time people think a computer is infected it really some glitch in software or Windows itself.
If you are truly infected, Symantec Security Response has created a removal tool, which is the easiest way to remove the worm. http://firstname.lastname@example.org
Thankfully this worm doesn?t destroy any files or documents, its main aim is to spread itself around. To this end it
Creates a registry key so the worm executes every time Windows starts
Terminates security related processes like various anti-virus programs
Sends a copy of the worm to email addresses gathered from the computer, using its own SMTP engine
Creates exe files in folders with ?shar? in the name (like Shared folders)
It also opens a TCP/IP port and listens for commands from a remote attacker and displays Error Message ?Title: CRC: 04F7Bh Message: Error in packed file!?.
From: Woody's EMAIL Essentials
E-Card Holiday Virus Packs Ugly Punch
A new virus strain masquerading as electronic Christmas cards is accounting for one in every 10 e-mails hitting in-boxes, security experts warned Wednesday.
The W32/Zafi-D worm, which originated in Hungary, is using mass-mailing and P2P (peer-to-peer) techniques to squirm through in-boxes and slow network traffic to a crawl.
The worm, which poses as a Christmas greeting, has the ability to replicate in as many as 19 languages, which makes it a "very serious threat" to computer users worldwide, said Graham Cluley, a senior technology consultant at Sophos Inc.
Cluley told eWEEK.com the Zafi-D mutant accounts for 75 percent of all virus reports at coming into the company's monitoring stations in the past 24 hours.