Prolin, Hybris worms poised to strike today

Two email viruses -- one of them masquerading as a Shockwave file - are expected to make their presence felt in New Zealand today.

Two email viruses – one of them masquerading as a Shockwave file - are expected to make their presence felt in New Zealand today.

Network Associates' Australian office issued a high risk virus alert on Saturday morning regarding an Internet worm called Prolin Shockwave, a mass-email spreading virus that disguises itself as an innocent Shockwave movie file.

The subject line in the email read 'Check out this new flash movie that I downloaded just now ... It's Great Bye' and the worm itself is coded in Visual Basic 6 and compiled as an executable named "creative.exe". It carries the icon of a Shockwave Media Player application but is not. When it is opened its author boasts "got yet another idiot".

The worm doesn't destroy files on a user's computer but renames all files of the ".jpeg" and ".zip" type and moves them to the PC's root directory.

Network Associates' McAfee subsidiary said it expected "significant impact" this morning in Australia and New Zealand when PC users boot up and start opening emails.

Meanwhile the sophisticated Hybris worm was showing up in increasing volumes, especially on mailing lists, on Friday and seems set to make an impact here. The worm contains components (plugins) in its code that are executed depending on what worm needs, and these components can be upgraded from an web site. The major worm versions are encrypted with semi-polymorphic encryption loop.

The variant on the worm seen here has the subject line 'Snowhite and the Seven Dwarfs - The REAL story!' and a file named midgets.scr attached, but the virus can use a variety of subject and file names.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]