| Name: | Hybris |
| Aliases: | TROJ_HYBRIS, I-Worm.Hybris, Hybris 1435, W32/Hybris@M,TROJ_HYBRIS.1435, Win32.Hybris.Gen, Hybris.A, W32/Hybris-B,W32.Hybris.22528.dr, Snowhite, Snow White, W32/Hybris-Drop,W95.Hybris.gen.dr, W95.Hybris.worm, Troj_Hybris.dll, |
| Ports: | 25 |
| Files: | Dwarf4you.exe - 23,040 bytes Midgets.scr - 23,040 bytes Anoafpan.exe - 23,040 bytes Fidgfnik.exe - 23,040 bytes Blanche.scr - 23,040 bytes Sexy virgin.scr - 23,040 bytes Wininit.ini - Wsock32.dll - |
| Created: | Sept 2000 |
| Requires: | |
| Actions: | Worm / Virus / Mail trojan |
| The worm patches Wsock32.dll. Hybris spreads to every address in Outlook. It always check the language version on the computer and is able to use messages in English, French, Spanish and Portuguese. When spread, the worm changes the name of the .exe file to another 8 characters. It exists at least 32 different plug-ins giving the worm various functions. The plug-ins are encrypted using an asymmetric 128-bit key algarythm and are downloaded från the newsgroup alt.comp.virus together with new encrypted instructions. One of the plug-ins makes Hybris to search for SubSeven infected computers on the Internet and infect them. The worm also probes into .zip and .rar archives, names .exe files to .ex$ and copies itself into the archive using the altered file´s name. | |
| Versions: | A, B, C, D, P1, P30, |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ |
| Notes: | Works on Windows 95, 98 and NT, together with MS Outlook. |
| Country: | written in Brazil |
| Program: |