Hybris: The story continues. (Security Supplement).


Kaspersky Lab warns users of the discovery of Hybris, a new Internet worm. Kaspersky Lab has been receiving reports of the discovery of this virus "in the wild" worldwide. It is particularly active in Latin America, although infections by this virus have also been found in Europe. The first version of this Internet worm was discovered by Kaspersky Lab and several other anti-virus software developers at the end of September and was classified as a low-risk malicious program. However, within the last few days, the company has been inundated by reports from users whose computers have been infected by this virus. At this moment, Kaspersky Lab has discovered five versions of Hybris, and it is expected that new variations will be found in the near future.

The Internet worm Hybris spreads by attaching itself to infected e-mails and works only under MS Windows. When the recipient executes the attached file, Hybris infects the host PC. The procedure for infection is typical for this type of malicious program and is performed in a similar way to the Happy or MTX viruses. To proliferate, the worm infects the WSOCK32.DLL library and also intercepts the Windows function that establishes the network connection; it then scans sent and received data for any e-mail addresses, and sends copies of itself to these e-mail addresses. Subject, text and name of the attached file are chosen randomly, for example:

From: Hahaha hahaha@sexyfun.net

Subject: Snowhite and the seven Dwarfs The REAL Story

Attachment: dwarf4you.exe

In addition, this worm has some specific features. Hybris contains several (up to 32) components (plugins) in its code and executes them depending on its needs. The worm's functionality is mostly defined by the plugins. They are stored in the body of the worm and are encrypted by a very strong crypto algorithm. However, the main peculiarity is that Hybris maintains the functionality of the plugins: it sends its own components to the anti-virus conference "alt.comp.virus" and downloads from there any upgraded or missing plugins. The virus components can also be updated by the worm from the author's Web page, via the Internet. So far, plugins found in the known versions of this virus and those at the Web site are fairly harmless and do not cause any direct damage. But the fact that they can be updated means that they may be given completely different functions, for example, installing a Trojan horse backdoor. Although there have previously been some cases when a malicious program has been updated from the Internet, this is the first time it has occurred on this scale "in the wild."

"What we have here is perhaps the most complex and refined malicious code in the history of virus writing," comments Eugene Kaspersky, Head of Company Anti-Virus Research Center. "Firstly, it is defined by an extremely complex style of programming. Secondly, all the plugins are encrypted with very strong RSA 128-bit crypto-algorithm key. Thirdly, the components themselves give the virus writer the possibility to modify his creation 'in real time,' and in fact allow him to control infected computers worldwide."

www.kaspersky.com
COPYRIGHT 2001 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation: Internet worm
Publication: Software World
Date: Jan 1, 2001
Words: 520