Hi All
just for your reference .......
I think someone in the group has an infected 'puter which spreads the
W95.hybris.worm virus. I picked it up yesterday when checking the group
postings. Norton's caught it and quarantined it as it arrived so it wasn't
a problem here, but it could be a problem to those who have no or little
protection. Seems anything good is called Norton's ...... virus protection
..... star atlas's ..... motorcycles ....
The virus infects .com files and goes for 1 of the core Windows DLL
files. It then sends itself at random with outgoing mail without the
knowledge of the person sending mail.
This from Symantec ....
Discovered on: September 25, 2000
Last Updated on: May 2, 2001 at 04:55:15 PM PDT
W95.Hybris.worm is a dropper file that the W95.Hybris.gen worm copies to a
hard disk when an infected email attachment is opened. It can also be
detected in the original attachment that is received from an infected
computer.
NOTE: Virus definitions dated prior to February 22, 2001, may detect this
as W95.Hybris.gen.dr.
When the worm attachment is executed, the Wsock32.dll file is modified or
replaced. Once the worm has infected wsock32.dll, it has the ability to
monitor the Internet connection as well as incoming and outgoing email
traffic. The worm then scans for email addresses. When an email address is
detected whether on an Internet site or in email being sent or received,
the worm waits for a period of time and then sends an infected message to
the detected address.
The worm attempts to connect to the alt.comp.virus newsgroup. If it
connects successfully, then the worm uploads its own plug-ins to this
newsgroup in an encrypted form. It goes thru the subject header of the
messages, and tries to match a specific format. The subject header will
also specify the version number of the attached plug-in if the plug-ins are
present. If newer versions of the plug-ins are found, the worm downloads
them and updates its behavior.
One of the plug-ins for W95.Hybris.gen generates a spiral image. Upon
execution, the plug-in initially loads OpenGL libraries which are used to
draw a large black and white spiral image. It also registers itself as a
service; this prevents it from being displayed in the Close Programs dialog
box.
hope this helps you all
regards
Doug I.