Hybris is a complex new worm

By Robert Vamosi
15 November 2000 11:13 AM

At least five variations exist of this complex worm that can update itself via the Internet.

Hybris (W32.Hybris) is a complex supervirus whose e-mail delivery system is similar to Happy 99 and whose programming and payload are similar to MTX. Although this worm has been known for some time, reports of Hybris are increasing worldwide. And while the worm currently contains a relatively harmless payload, Hybris has the capability to upgrade itself via the Internet and therefore could become dangerous. At least five distinct variations of Hybris have been reported by anti-virus software companies so far.

How It Works
Hybris arrives via e-mail with the following characteristics:

From: Hahaha hahaha@sexyfun.net

Subject: Snowhite and the seven Dwarfs - The REAL Story!

Attachment: a variable file name ending with .exe or .scr, most commonly dwarf4you.exe

Body text: "Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and polite with Snowhite. When they go out work at mornign (sic), they promissed (sic) a *huge* surprise. Snowhite was anxious. Suddlently (sic), the door open, and the Seven Dwarfs enter..."

A user clicking on the above attachment will load the worm. Hybris scans the system for e-mail addresses to send itself out over the Internet via e-mail. Hybris also infects WSOCK32.DLL, renaming it and redirecting Windows.INI to point to the new, infected file. Thereafter, Hybris will send itself via reply mail to whoever sends new e-mails to an infected computer. Hybris is also savvy enough to establish its own Internet connections for the purpose of upgrading itself. What is notable about this worm is that it contains up to 32 Internet components, and can execute them as needed. At the moment, the components sent with Hybris are relatively harmless; however, the potential for new and more dangerous upgrades does exist.
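The e-mail characteristics listed above can be turned into a mail-filter check. The following Python sketch is an added example, not code from the article or from any anti-virus vendor; the function names, the quarantine rule (an .exe or .scr attachment plus at least one header match) and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the article's description of the Hybris e-mail.
SENDER = "hahaha@sexyfun.net"
SUBJECT = "snowhite and the seven dwarfs"
EXECUTABLE_EXTENSIONS = (".exe", ".scr")


def hybris_indicators(raw_message):
    """Return the article-described indicators found in one raw message."""
    msg = message_from_string(raw_message)
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower() == SENDER:
        hits.append("sender")
    if SUBJECT in msg.get("Subject", "").lower():
        hits.append("subject")
    # The attachment name varies, so match the extension, not dwarf4you.exe.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXECUTABLE_EXTENSIONS):
            hits.append("attachment:" + name)
    return hits


def should_quarantine(raw_message):
    """Assumed policy: executable attachment plus at least one header match."""
    hits = hybris_indicators(raw_message)
    has_attachment = any(h.startswith("attachment:") for h in hits)
    return has_attachment and len(hits) >= 2


def build_sample(sender, subject, filename):
    """Build a constructed test message; the attachment is a placeholder."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("body text")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    sample = build_sample("Hahaha <hahaha@sexyfun.net>",
                          "Snowhite and the seven Dwarfs - The REAL Story!",
                          "dwarf4you.exe")
    print(hybris_indicators(sample), should_quarantine(sample))
```

Because the worm also mails itself in reply to incoming messages, header matches alone will miss copies whose sender or subject differ; the attachment-extension check is the part that still applies to those.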

Removal Instructions
Infected users should download the latest anti-virus signature files. Afterward, users will still need to restore a copy of WSOCK32.DLL, either from a clean backup or from the original Windows installation disks.
