Note: To protect the privacy of our members, e-mail addresses have been removed from the archived messages. As a result, some links may be broken.

Find Lesson Plans on getty.edu! GettyGames

Virus Alert: Snow White

---------

Jdecker_at_TeacherArtExchange
Date: Wed Nov 15 2000 - 07:33:06 PST


This just came in from our "Tech Guy" and is real:
Be on the look out for an email message with the title of:

"Snowhite and the Seven Dwarfs - The REAL story!"

==============================================
Win32/Hybris.Worm (Also known as Win32.Hybris)
==============================================

Win32/Hybris.Worm is an e-mail worm which modifies
WSOCK32.DLL to intercept outgoing messages in a
manner similar to Happy99 (which is also known as
SKA).

When run, the worm makes a copy of WSOCK32.DLL in
the Windows System directory. The copy will have
a random, 8 character name with no extension. The
worm "infects" this copy by patching the functions
used for connecting, and the sending and receiving
of data.

The worm modifies WININIT.INI in the Windows
directory so that the original WSOCK32.DLL will
be replaced with the modified copy the next time
Windows is restarted.

From this point, when the user sends an e-mail,
the worm will send an additional message to the
same address with a copy of itself attached.
The subject of the worm's message is:

"Snowhite and the Seven Dwarfs - The REAL story!"

The body of the message contains the following
text (including the spelling mistakes):

"Today, Snowhite was turning 18. The 7 Dwarfs
always where very educated and polite with
Snowhite. When they go out work at mornign, they
promissed a *huge* surprise. Snowhite was anxious.
Suddlently, the door open, and the Seven Dwarfs
enter..."

The name of the attachment is variable and has an
extension of either .EXE or .SCR.