Win32:Hybris

is an Internet worm which has the capability to update itself via Internet. There is a kernel part and separate "plugins" which can be swaped or even upgraded via Internet. These plugins are encrypted with quite strong cryptography.

When executed, Win32:Hybris infects WSOCK32.DLL and sends itself in a separate message complementary  to any meassage sent from the infected computer.  The subject, text of the message and the name of the attached file are part of the plugin so they could be changed via upgrade mechanism. The basic version can contain the texts in English, French, Spanish and Portugese. The English message has sometimes the subject "Snowhite and the Seven Dwarfs - The REAL story!" and the body contains the adult version of the well known tale. 

The upgrade mechanism of this worm is very flexible and could be changed in the future via the special plugins. Currently it can download the plugins from the dedicated web page and it can get them from the special Usenet discussion group called alt.comp.virus. All instances of worm can upload and download the encrypted plugins in a special format with identifier and version number into this mailing group. Another plugins are responsible for ZIP and RAR infections. There could be some more in the future.

Any avast! with VPS file dated after 24th November 2000 is able to detect this virus.

Viruse
Viruses in the Wild Windows Viruse Ältere Windows Viruse 2002 Ältere Windows Viruse 2001 Ältere Windows Viruse 2000 Script Viruse Macro Viruse Virus Berichts-Dokument Virus Berichts-Ergebnis Eicar Test-Datei VPS Rückblick
Mitgliedschafts-Service
VPS (iAVS) Mitgliesch. Service
avast! Virus Entferner
Home pageWeb site mapPrint this pagePrivacy policy
Copyright © 1988 - 2008 ALWIL Software a.s.
Home page