Olympus-OM

Re: [OM] snowwhite [no attached file]

Subject: Re: [OM] snowwhite [no attached file]
From: "Hans van Veluwen" <hcvanveluwen@xxxxxxxxx>
Date: Thu, 15 Feb 2001 19:09:52 +0100
: Who knows whether the web page is a hoax but it would seem prudent to
: delete the original attached file unopened. On the other hand, Snowwhite
: could be one up on the Russian tennis diva whose name has been spread
: around the net lately!!

The virus that was sent to the list was a real one, and a nasty one too.
It is called W32/Hybris.gen@M
Fortunately the OM-listserver seems to have removed the executable.
This is a very persistent e-mail virus; it has been sent to me at least five
times in the last couple of months.

Info: http://vil.mcafee.com/dispVirus.asp?virus_k=98873&;
"Virus Characteristics
When first executed, this worm tries to infect the WSOCK32.DLL file in the
WINDOWS\SYSTEM directory. First it tries to infect the WSOCK32.DLL file
directly. If it fails because the file is already in use, then it creates an
infected copy of the WSOCK32.DLL in a new file. This new file goes by an
extensionless filename made up of 8 random characters. A line is then created in
the WININIT.INI file to rename this newly created file to WSOCK32.DLL, thus
overwriting the original WSOCK32.DLL file. This change takes place the next time
the system is booted. A registry value under
Software\Microsoft\Windows\CurrentVersion\RunOnce\(default) is also created to
run the worm at the next bootup, in case the previous attempts to infect
WSOCK32.DLL fail.
The modified WSOCK32.DLL file watches all Internet activity and attempts to mail
a copy of the worm, in the form of a .EXE or .SCR file, to any valid e-mail
address sent over the Internet connection, whether part of an e-mail message, web
page, or newsgroup posting. AVERT cautions all users to delete unexpected
attachments. W32/Hybris.gen@M is sent unknowingly by the infected user."


Btw, the moron who wrote the Kournikova virus (or rather had it generated by
software he got from the internet) has turned himself in to the police, but after
being interrogated he's now hiding. He's a 20-year-old from Sneek, the
Netherlands. He claimed he sent the virus as a protest against Microsoft, who did
nothing to protect Outlook after the IloveYou Virus hit the world...


hnz


< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
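The WININIT.INI step in the quoted description can be checked for before the next reboot. The following is an added example, not part of the original message or of any vendor tool: it reads the [rename] section (destination=source lines) and flags any pending replacement of WSOCK32.DLL. The sample file contents and the alphanumeric pattern used for "8 random characters" are assumptions.

```python
import ntpath
import re

# Assumption: "8 random characters" is taken to mean 8 alphanumerics, no extension.
EXTENSIONLESS_8 = re.compile(r"^[A-Za-z0-9]{8}$")

def parse_rename_section(text):
    """Return (destination, source) pairs from the [rename] section.

    Parsed by hand because WININIT.INI may repeat keys (several NUL= lines),
    which configparser rejects in strict mode.
    """
    pairs, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            pairs.append((dest.strip(), src.strip()))
    return pairs

def suspicious_wsock_renames(text):
    """Flag pending renames that would overwrite WSOCK32.DLL at next boot."""
    findings = []
    for dest, src in parse_rename_section(text):
        if ntpath.basename(dest).lower() != "wsock32.dll":
            continue
        findings.append({
            "destination": dest,
            "source": src,
            # True when the source name has the shape the description gives.
            "matches_description": bool(EXTENSIONLESS_8.match(ntpath.basename(src))),
        })
    return findings

# Constructed sample contents, not taken from an infected machine.
SAMPLE = """\
[rename]
NUL=C:\\WINDOWS\\TEMP\\SETUP1.TMP
NUL=C:\\WINDOWS\\TEMP\\SETUP2.TMP
C:\\WINDOWS\\SYSTEM\\WSOCK32.DLL=C:\\WINDOWS\\SYSTEM\\QJXBMKTR
C:\\WINDOWS\\SYSTEM\\MSVCRT.DLL=C:\\WINDOWS\\SYSTEM\\MSVCRT.NEW
"""

if __name__ == "__main__":
    for finding in suspicious_wsock_renames(SAMPLE):
        print(finding)
```

Any pending WSOCK32.DLL rename is reported; the matches_description field separates the extensionless 8-character source from a rename left by a legitimate installer.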

