Fw: Hybris virus: Sleeper hit of 2001 (fwd)

craig martin clmartin at kc.rr.com
Wed Jan 17 17:05:50 EST 2001


hi, guys. for anybody who hasn't seen this, this is a virus alert for
those using windows.  for those who know about it, or who use Linux, read
with interest and if n/a, disregard.


-- 
craig martin

---------- Forwarded message ----------
Date: Tue, 16 Jan 2001 10:03:41 -0600
From: kathy martin <kmartin at kc.rr.com>
To: craig martin <clmartin at kc.rr.com>
Subject: Fw: Hybris virus: Sleeper hit of 2001

     Honey, check this out.  I got this from Melvin Smith.  Love you.
Kathy.
----- Original Message -----
From: "Melvin Smith" <melvins at alphapointe.org>
To: <melvins at alphapointe.org>
Sent: Tuesday, January 16, 2001 9:24 AM
Subject: Fwd: Hybris virus: Sleeper hit of 2001



>>
>>Hybris virus: Sleeper hit of 2001
>>Computer worm shows no signs of slowing down
>>By Robert Lemos ZDNN
>>Jan. 11 -
>>Hybris, a computer worm that uses encrypted plug-ins to update itself,
>>could be the sleeper hit of 2001, anti-virus experts say.
>>        "IT'S NOT A fast mailer or a mass mailer. It's slow and subtle,"
>>said Roger Thompson, technical director of malicious-code research for
>>security firm TruSecure. But "slow and steady wins the race."
>>        The spread of most computer worms tends to spike quickly and just
>>as quickly die out. But the 3-month-old Hybris worm shows no sign of
>>dying anytime soon, Thompson said.
>>        He compared the virus to Happy99.exe, also known as Win32/Ska, a
>>malicious program that started spreading in January 1999 and remained a
>>threat to the unwary for more than a year.
>>        Like Happy99, the Hybris worm spreads by monitoring a PC's network
>>connection for e-mail messages. When a message is detected, the worm will
>>add the addresses found in the e-mail's header to a list. Later, Hybris
>>selects destinations from the list to which it sends copies of itself.
>>        Instead of the avalanche of e-mail messages created by viruses
>>such as Melissa and LoveLetter, Hybris produces a steady trickle of
>>virulent e-mail, making it less noticeable.
>>        Another point in the worm's favor: It's written as a 32-bit
>>Windows program, not in a scripting language as was LoveLetter or
>>Melissa, said Vincent Gullotto, director of the anti-virus emergency
>>research team at security firm Network Associates.
>>        "It is a hard one to kill, like most Win32 infectors," he said.
>>"Anything that uses Win32 infects the PC very quickly. It can infect
>>hundreds of files in a matter of seconds."
>>        Hybris' combination of slow spread and fast infection seems to
>>have worked.
>>        First detected in October 2000, the worm has remained on the
>>top-10 list of worldwide infectors, according to statistics from Trend
>>Micro's Worldwide Virus Tracking page. For the past week, the virus has
>>been rated as the No. 4 most prevalent virus in the United States, as
>>measured by the number of PCs infected, and No. 9 worldwide.
>>        While Trend's statistics only take into account a small percentage
>>of incidences worldwide, it is one of the few quantitative gauges of
>>virus activity.
>>DANGEROUS PLUG-INS
>>        One factor that hasn't helped Hybris spread itself widely is its
>>use of encrypted plug-ins, anti-virus experts said.
>>        Like the Babylonia, LoveLetter and MTX viruses, the Hybris virus
>>can access information across the Internet - in this case, from the
>>alt.comp.virus Usenet group - and modify itself. That makes it different
>>from the other viruses, said Nick FitzGerald, a New Zealand-based
>>security consultant and virus researcher.
>>        "Hybris changes shape by finding and incorporating different
>>extensions into its code and mailing that new form to other potential
>>victims," he said.
>>        Typically, the anti-virus community would shut down the site that
>>hosted such plug-ins, but because their own newsgroup is being used to
>>publish the code, they can't shut it down without hurting their own
>>ability to fight viruses.
>>        Anti-virus experts believe the author of the virus is the same one
>>who created the Babylonia virus, a concept virus that "phoned home" to a
>>Japanese Web site known as the Source of Chaos and updated itself using
>>files found on the site.
>>        The name of the author, known as Vecna, appeared in a copyright
>>notice in Hybris. Security firm Aladdin Knowledge Systems announced on
>>Tuesday that they had proof that the virus had been created by the
>>so-called VX-Brazil group. They claim that Vecna is a member of that
>>group.
>>        Hybris' ability to change how it works and its signature makes the
>>worm potentially very dangerous.
>>        Depending on which plug-ins it downloads, the worm could morph
>>into a backdoor through a PC's security or into a malicious program that
>>corrupts data. At present, at least eight plug-ins are known to exist.
>>        "At some point, (the writer) could easily have control of a large
>>number of PCs," said TruSecure's Thompson, who added that companies don't
>>have much to worry about, as their network administrators usually update
>>virus definitions often enough to keep up with any changes to Hybris.
>>        Home computer users need to update their virus scanners frequently
>>and treat e-mail attachments with suspicion, he said.
>>© 2001 ZD Inc. All Rights Reserved. ZDNet and ZDNet logo are registered
>>trademarks of ZD Inc. © 2000 Ziff Davis Media. All Rights Reserved.
>>

