Posted: 4/2/2001 10:30:46 PM EDT
I just got a virus from one of the guys on this board emailing him about a gun in the other section. It says something about snow white. Don't open it like I did. It is a worm virus and is hard to find and get rid of...
The virus is the hybris 32 bit worm. It is very very well designed. However, it should have been from HAHAHAHA instead of a board member unless they were just being malicious.
[u][center][size=4][blue]Kaspersky Lab Warns Over Revamped Hybris Worm[/blue][/size=4][/center]
By Sylvia Dennis, Newsbytes
13 Nov 2000, 7:49 AM CST[/u]
Kaspersky Lab this morning issued a warning over a highly dangerous rework of the Hybris worm that has been discovered "in the wild" over the last few days.
The Russian anti-virus specialist, which has taken to issuing daily updates to its IT security software, has warned customers that the virus has been seen around the world, but it's especially prevalent in Latin America.
The first version of Hybris was discovered by Kaspersky Lab and several other anti-virus software developers at the end of September, and was classified as a low-risk malicious program.
However, over the last few days, the firm said it has been inundated by reports from users whose computers have been infected by a new version of the virus.
As of this morning, Kaspersky said it has discovered five versions of Hybris and expects further new variations to be found in the near future.
The new version of Hybris spreads by attaching itself to infected e-mails, and works only under MS-Windows. When the recipient executes the attached file, the worm infects the host PC.
Kaspersky added that the procedure for infection is typical for this type of malicious program and is performed in a similar way to Happy or MTX viruses.
For the technically-minded, to proliferate, the worm infects the WSOCK32.DLL library, and also intercepts the Windows function that establishes the network connection.
The worm then scans sent and received data for any e-mail addresses, and sends copies of itself to these e-mail addresses.
The bad news is that the subject, text and name of the attached file are chosen randomly by the worm, for example:
From: Hahaha email@example.com
Subject: Snowhite and the seven Dwarfs - The REAL Story!
Attachment: dwarf4you.exe
Hybris also contains several (up to 32) components (plug-ins) in its program code, and executes them depending on its needs. The worm functionality is mostly defined by the plug-ins, which are stored in the body of the worm and are encrypted by a very strong cryptographic algorithm.
Curiously, Hybris maintains the functionality of its plug-ins via the "alt.comp.virus" conference on the Usenet, and downloads any upgraded or missing plug-ins from the conference or the author's Web site, if available.
Eugene Kaspersky, the firm's head of anti-virus research, said that the worm is possibly the most complex and refined malicious code in the history of virus writing.
"Firstly, it is defined by an extremely complex style of programming. Secondly, all the plug-ins are encrypted with strong RSA 128-bit crypto algorithm key. Thirdly, the components themselves give the virus writer the possibility to modify his creation 'in real time' and in fact allow him to control infected computers worldwide," he said.
As a result of weekend work by Kaspersky, the firm said that its AVP anti-virus software has been updated to take account of the revitalized worm program.
Kaspersky's Web site is at: [url]http://www.kaspersky.com[/url].
Reported by Newsbytes.com, [url]http://www.newsbytes.com[/url].
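
Since the article says the subject, text and attachment name vary from message to message, a mail filter has to key on what the attachment is rather than on the "Snowhite" subject line. The following Python check is an added example, not part of the original post or the Newsbytes article; the function names, extension list and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list; the article's sample is .exe).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")


def executable_attachments(raw_message: bytes):
    """Return [(filename, reason)] for attachments that look executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            # DOS/PE header: executable content whatever the file is called.
            findings.append((name, "MZ header"))
        elif name.lower().endswith(EXECUTABLE_EXTS):
            findings.append((name, "executable extension"))
    return findings


def build_sample(subject: str, filename: str, data: bytes) -> bytes:
    """Build a constructed test message with one binary attachment."""
    m = EmailMessage()
    m["From"] = "Hahaha <email@example.com>"
    m["Subject"] = subject
    m.set_content("constructed body text")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


# Constructed samples: placeholder bytes, not real worm code.
FAKE_EXE = b"MZ" + b"\x00" * 62
SAMPLE_FROM_ARTICLE = build_sample(
    "Snowhite and the seven Dwarfs - The REAL Story!", "dwarf4you.exe", FAKE_EXE)
SAMPLE_RENAMED = build_sample("some other subject", "photo.jpg", FAKE_EXE)
SAMPLE_NAME_ONLY = build_sample("another subject", "setup.EXE", b"not a PE file")
SAMPLE_BENIGN = build_sample("range trip notes", "notes.txt", b"plain text")

if __name__ == "__main__":
    for raw in (SAMPLE_FROM_ARTICLE, SAMPLE_RENAMED,
                SAMPLE_NAME_ONLY, SAMPLE_BENIGN):
        print(executable_attachments(raw))
```

The second sample has a changed subject and a harmless-looking file name and is still flagged, because the check reads the attachment's first bytes.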