Zafi.B is a worm that looks for directories in which antivirus programs are installed. If successful, Zafi.B overwrites the executable files with copies of itself. By doing so, the user will be unprotected against the attack of other malware. So whenever users run the antivirus, they will be running the Zafi.B without noticing.
In addition, Zafi.B searches for certain processes, such as the Windows Registry Editor, the Task Manager, etc. If successful, Zafi.B ends them.
Zafi.B spreads via e-mail in a message with variable characterics that can be written in different languages, and through peer to peer file sharing programs (P2P).