[NCLUG] Fwd: Fw: Fw: Subject: Major virus warning

dobbster dobbster at dobbster.com
Wed Mar 7 10:17:46 MST 2001 

> Okay, now all that said, here's a real warning:  There is a real virus,
> called Hybris that sends you all those "Hahaha at sexyfun.net" messages.
> 
> http://vil.mcafee.com/dispVirus.asp?virus_k=98873&
> 
> Its rather clever, and hides itself rather well.  Update your virus
> scanner and check yourself for it.  If you don't want to get it, DON'T
> CLICK ON ATTACHMENTS.  Wav files, mp3s, etc may be safe, but
> screensavers and executables (Applications) should never be run.  Yeah,
> you might miss out on the latest version of Frogapult, but then, if your
> friend really wants you to see it, they would have sent you this link
> instead:
> http://www.nstorm.com/games/game.cfm?game_id=1  So you can get it
> yourself, direct from the distributer, and be assured of getting a virus
> free version.  Then, we never would have had to deal with this:
> http://vil.mcafee.com/dispVirus.asp?virus_k=10464&

Thanks for the frogapult link!

It is fairly safe to run .exe attachments as a non-root user using wine,
it seems.

I've had to deal with hoaxes and real viruses (on other machines) a lot,
because I have a fair number of clueless friends (who refuse to run
anything but Windows).  One thing I've noticed about the Hybris worm is
that it almost always arrives a few minutes after an infected sender's
message.

That is, you get a message from them, and 2-10 minutes later, the
hahaha at sexyfun.net one shows up.  From what I've read, this worm
contacts alt.comp.virus in the meantime and somehow (?) the newsgroup
indirectly sends the message.  Anyway, knowing this has helped me to
inform people that they were infected through a simple test: I have them
send out a blank email, wait a few minutes, and see if Snow White shows
up...

I've also received Hybris as an attachment from an unknown sender with a
blank message (a mutant, perhaps?)  A simple way to detect Hybris is to
save the attachment to disk and 'grep -i hybris whatever.exe'.

I think it's best to avoid Windows altogether and just watch out for
Ramen, which seems easy enough to avoid.

Mark (dobbster at dobbster.com)

More information about the NCLUG mailing list