| Name: | Hydra |
| Aliases: | I-Worm.Hydra, Hydra, Hyd, SETI@Home worm, W32.Hyd@mm, Hadra, |
| Ports: | |
| Files: | Msserv.exe - 12,249 bytes (packed) Msserv.exe - [26 kb](unpacked) Msseti.exe - Msseti.pif - Msseti.bat - RUN_MSSETI.VBS -User_info.sah - Version.sah - |
| Created: | Jun 2001 |
| Requires: | |
| Actions: | Worm / Mail trojan / Destructive trojan |
| It propagates by attaching itself to any new mail sent by Outlook. If a new copy of the worm arrives, it will be deleted. Hydra looks for active antivirus applications and terminates them. It also downloads the client application Msseti.exe using FTP. SETI = Search for Extraterrestrial Intelligence. This application is set to work for the coder. Information about SETI may be found on http://setiathome.berkeley.edu/. The code is packed using UPX. | |
| Versions: | |
| Registers: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_CURR ENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\ HKEY_LOCAL_MACHI NE\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_MACHINE\Software\Mi crosoft\Windows\CurrentVersion\RunServices\ |
| Notes: | Woks on Windows, together with MS Outlook. |
| Country: | written in the Czech Republic |
| Program: | Written in Visual Basic. |