Re: FC:


From: Joachim Feise (jfeise@ics.uci.edu)
Date: Thu Nov 30 2000 - 15:22:11 PST


My McAfee scanner identifies it as W32/Hybris.gen@M
Description is here: http://vil.mcafee.com/dispVirus.asp?virus_k=98873&

Virus Name: W32/Hybris.gen@M
Date Added: 11/1/00 2:37:27 PM
Virus Characteristics:
This is an Internet worm which can be received by email. If run, this worm modifies the WSOCK32.DLL file, after which, an attempt is made to mail a copy of the worm to all mail recipients whenever email messages are sent out.
AVERT cautions all users to delete unexpected attachments. W32/Hybris.gen@M is sent unknowingly by the user.

This Internet worm downloads encrypted update components from an Internet web site; most likely it is the author's site.
This worm downloads encrypted components similar to the method first used by W95/Babylonia.

-Joe

karee wrote:
>
> A new Windows virus or worm appears to be spreading through spam. I
> received two copies of the below "Snowhite and the Seven Dwarfs" joke
> today. Attached to it was a file called "joke.exe" that Wired's email
> scanner (AMaViS, at amavis.org) flagged with this error message: "Our
> viruschecker found a VIRUS in your email"
>
> I haven't attached the file in executable form because of the off chance
> that a politech reader using Windows will click on it by accident. But if
> you know how to uudecode and ungzip it, you can find it at:
> http://www.politechbot.com/docs/virus-joke.exe.gz.uu
>
> Two points: 1. Never click on .exe or .vbs files if you're running Windows.
> (Those of us who use Linux mailreaders don't have this problem.) 2. Watch
> for congresscritters to use this (if it checks out) as more reasons to
> "regulate" spam next session.
>
> -Declan
>
> *******
>
> Received: from smtp.well.com (smtp.well.com [208.178.101.27]) by
> mail.well.com (8.8.5/8.8.5) with ESMTP id UAA19192 for
> <declan@mail.well.com>; Wed, 29 Nov 2000 20:34:15 -0800 (PST)
> Received: from cyber-monster (pppte08-220.ght.airmail.net [206.138.228.190])
> by smtp.well.com (8.8.5/8.8.4) with SMTP id UAA26040 for <declan@well.com>;
> Wed, 29 Nov 2000 20:33:55 -0800 (PST)
> Date: Wed, 29 Nov 2000 20:33:55 -0800 (PST)
> Message-Id: <200011300433.UAA26040@smtp.well.com>
> From: Hahaha <hahaha@sexyfun.net>
> Subject: Snowhite and the Seven Dwarfs - The REAL story!
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="--VEBOLIRSLEN"
>
> Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and
> polite with Snowhite. When they go out work at mornign, they promissed a
> *huge* surprise. Snowhite was anxious. Suddlently, the door open, and the Seven
> Dwarfs enter...
>
> [Attachment saved as joke.exe]
>
> ----------------------
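
A gateway-side attachment check for messages shaped like the one quoted above, as an added example that is not part of the original posts and is not AMaViS or McAfee code. The blocked-extension list, the function name and the sample message are assumptions constructed for illustration; the attachment body is a harmless placeholder.

```python
import email
import os
from email import policy

# Assumed policy list; the thread itself names only .exe and .vbs.
BLOCKED_EXTS = {".exe", ".vbs", ".scr", ".pif", ".com", ".bat"}

# Constructed sample mirroring the quoted headers; payload is NOT the worm.
SAMPLE = (
    "From: Hahaha <hahaha@sexyfun.net>\n"
    "Subject: Snowhite and the Seven Dwarfs - The REAL story!\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="--VEBOLIRSLEN"\n'
    "\n"
    "----VEBOLIRSLEN\n"
    "Content-Type: text/plain\n"
    "\n"
    "Today, Snowhite was turning 18.\n"
    "----VEBOLIRSLEN\n"
    'Content-Type: application/octet-stream; name="joke.exe"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="joke.exe"\n'
    "\n"
    "cGxhY2Vob2xkZXI=\n"
    "----VEBOLIRSLEN--\n"
)

def risky_attachments(raw):
    """Return (filename, reason) for each MIME leaf part that looks executable."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition filename, then Content-Type name.
        name = part.get_filename() or ""
        # Windows ignores trailing dots/spaces, so "joke.exe." still runs as .exe.
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        body = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTS:
            findings.append((name, "extension"))
        elif body[:2] == b"MZ":
            # DOS/PE magic: an executable renamed to an innocuous extension.
            findings.append((name or "(unnamed)", "MZ header"))
    return findings

if __name__ == "__main__":
    print(risky_attachments(SAMPLE))
```
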



This archive was generated by hypermail 2b29 : Thu Nov 30 2000 - 15:28:33 PST