English
Deutsch
Francais
Español
Italian
Home
Virus Info
W95/Hybris
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
W95/Hybris - Malware
See also
Summary
Full description
Statistics
How would you rate this information?
Worthless
Excellent
Alias:
Type:
Worm
Size:
25.088 Bytes
Origin:
Date:
12-01-2000
Damage:
Sent by email.
VDF Version:
6.23.00.00
Danger:
Low
Distribution:
High
Distribution
It searches all traffic on the network or Internet for email addresses. The email has the following structure:
From: Hahaha %hahaha@sexyfun.net%
Subject: Snowhite and the Seven Dwarfs The REAL story Branca de Neve prono! Enanito si, pero con Sque pedazo Les 7 coquir nains
Body: Today, Snowhite was turning 18. The 7 Drawfs always where very educated and polite with Snowwhite. When thy go out work at mornign, they promissed a ..... C etait un jour avant son dix huitiem anniversaire. Les 7 nains, qui avaient aidé blanche neige toutes ves années aprés quelle se soit enfuit.....
Attachment: sexy virgins.scr joke.exe atchim.exe dunga.scr midgets.exe blancheneige.exe enano.exe enano porno.exe blanca de nieve.scr enanito fisgon.exe sexynain.scr blanche.scr nains.exe branca de neve.scr anáo pronó.scr famous.exe celebrity rape.exe leather.exe sex.exe hottest.exe cum.exe cumshot.exe Anna.exe Raquel Darian.exe Xena.exe Xuxa.exe Suzete.exe horny.exe anal.exe gay.exe oral.exe pleasure.exe sexy.exe hot.exe asian.exe lesbians.exe teens.exe virgins.exe boys.exe girls.exe messy.exe kinky.exe fist-fucking.exe amateurs.exe cheerleader.exe SM.exe sado.exe suck.exe orgy.exe black.exe blonde.exe sodomized.exe hardcore.exe slut.exe doggy.exe
Technical Details
If Windows uses WSOCK32.DLL and the worm can not change it, it makes a copy of the file, modifies the copy and using WININIT.INI, it will cause the replacement of the original with the altered file by the next system start.
Next, the worm creates a random file in Windows directory, containing its code and makes the registry entries: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName
If WSOCK32.DLL is infected, the worm searches the network and the Internet through it. HYBRIS is known to have converted its own Plugins to send itself to the server.
See a brief description
here
.
Description inserted by Crony Walker on Tue, 15 Jun 2004 14:00 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
Worm/Bagle.FJ
W32/Elkern.C
Worm/Mytob.DH
Worm/Mytob.CR
Worm/Netsky.D.Dam
TR/Dldr.Agent.aizj
JS/Dldr.Small.CR.2
TR/Dldr.Agent.XAE
JS/Dldr.Agent.bbt
HTML/IFrame.800
Get comfortable up to the minute info from Avira as
Detects and removes the following malware and its variants:
Worm/Sober.J
Worm/Sober.P
Worm/Sober.Y
W32/Stanit.A
Worm/NetSky.AA
Worm/NetSky.B.1
Worm/NetSky.C
Worm/Netsky.D.Dam
Worm/NetSky.P
Worm/NetSky.X
Worm/Mytob.IN.2
Worm/Mytob.KS
TR/Spy.Banker.AATZ
TR/Spy.Banker.AATZ.1
TR/Spy.Banker.AATZ.2
TR/Spy.Banker.AATZ.3
Download here
Click
here
to get the panel...
© 2008 Avira GmbH
Copyright
Privacy
Sitemap
Feedback
Imprint
FAQ
Contact
Print this page
.gif)
