A worm for Windows that rocked the world in early 2001. Known aliases IWorm_Hyrbis and I-Worm.Hybris.

It spread as an attachment to E-mails. What makes it remarkable is that it modifies the infected machine's WSOCK32.DLL, hooking itself to the calls the machine uses to communicate with the world. Then, it has the ability to listen to all network traffic.

It listens to the traffic for E-mail addresses, and upon learning of that, it sends a copy of itself via E-mail to that address!

It is even able to read newsgroups and get plugins for itself from there!

Easy identification field guide for basic "mutations" caused by plugins:

  • Attachment may have a random name (like JHEWHEWE.EXE)
  • From: Hahaha <hahaha@sexyfun.net>, content may have something about sex (like "Snowhite and the Seven Dwarfs - The REAL story!")

Personally, I have got only those two variants; there are more. Consult web for more information. And remember, kids, never run executables you get as an attachment!

(Source: F-Secure)