Origins: Christmas is the season for many things, but holiday greeting messages that trick users into executing malevolent computer programs shouldn't be one of them. Unfortunately, that was the case with the Zafi.D mass mailing worm,
launched in mid-December 2004.
The Zafi.D worm arrived as an attachment to e-mails that bore a subject line of "Merry Christmas"
and a message body consisting of the words "Happy Hollydays" printed in green text and separated by a yellow emoticon. (The message was signed with any one of a number of names, including "Jaime" and "Anne McGee.") The attachment (with a .ZIP file extension), when executed, delivered worm code that infected Microsoft Windows systems and replicated by sending itself to e-mail addresses harvested from the infected computer's address book.
Even worse, Zafi.D presented a more appealing lure by determining the locations of targeted recipients through their domain-name extensions and altered its text to reflect the native languages of those areas. (For example, users whose e-mail addresses end with .fr received messages titled "Joyeux Noel!," while users whose e-mail addresses end with .it received messages titled "Buon Natale!")
The Zafi.D worm now poses little or no threat, as it is easily caught and eliminated by most virus protection software products. The Zafi.D "Merry Christmas" warnings, which date from 2004, should not be confused with the 2007 "Merry Christmas" variant of the Invitation (or Olympic Torch) hoax.
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.
Thank you for writing to us! Although we receive hundreds of e-mails every day, we really and truly read them all, and your comments, suggestions, and questions are most welcome. Unfortunately, we can manage to answer only a small fraction of our incoming mail.
Our site covers many of the items currently being plopped into inboxes everywhere, so if you were writing to ask us about something you just received, our search engine can probably help you find the very article you want.
Choose a few key words from the item you're looking for and click here to go to the search engine.
(Searching on whole phrases will often fail to produce matches because the text of many items is quite variable, so picking out one or two key words is the best strategy.)
We do reserve the right to use non-confidential material sent to us via this form on our site, but only after it has been stripped of any information that might identify the sender or any other individuals not party to this communication.