[Esa-l] New worm?

Gerard MANNIG mannig at worldnet.fr
Thu Apr 26 08:41:00 PDT 2001


A 12:05 25/04/01 -0600, Brett Glass icrit:
>I just received an odd message that emanated from a dial-up
>account in Russia. The headers looked like this:
(...)
>EGFCHDEG.EXE
>
>Anyone know what this is? The MIME boundary fits the pattern for
>Hybris, and the string HYBRIS appears early in the binary, so
>I'm assuming that this is a Hybris variant. But John's sanitizer didn't
>quarantine the message. Fortunately, most of our users aren't foolish
>enough to open up an attachment that doesn't even say who it's from....

Hi,

Any sample can be forwarded to me for an in-depth analysis in case of need.
Anwyay, sounds very familiar with Hybris plague...





Gerard Mannig
International Consultant
  V.A.R.S Intl antivirus Support     http://www.hitchhikers.net/vir-vrf.htm
         Member of the Wild List ( http://www.wildlist.org )
Discovered the viruses'JUMPER' , partially familly 'WereWolf' ,
Win.Tentacle.1958,
GGM.936 & EMAS.2456, Win32.HLLP.DeTroie, Trojan.BadSector,
     JS.Trojan.WindowBomb, I-Worm.LoveLetter.ao, SillyOC.155



More information about the esd-l mailing list