New Virus Can Change its Stripes The Hybris worm uses plug-ins to alter its own features. By Jack Karp November 16, 2000 A new worm is illustrating just how advanced viruses are becoming.

Known as Hybris, the new worm was first discovered in September and rated as a low risk by most antivirus experts.

Since then, however, Hybris has called more attention to itself due to its unique ability to use encrypted plug-ins downloaded from the Internet to change its own features.

It is "perhaps the most complex and refined malicious code in the history of virus writing," a recent statement from Moscow's Kaspersky Lab insists. "The components themselves give the virus writer the possibility to modify his creation in 'real time,' and in fact allow him to control infected computers worldwide."

Hybris also has the ability to hide itself in emails written in any of four languages: English, French, Spanish, and Portuguese. The sender may be "Hahaha," and the subject line may refer to pornography.

Kaspersky Lab announced that it has seen a rise in reports of the virus, and researchers at Symantec claim to have received approximately 100 reports of the virus over the past few weeks.

Most antivirus groups are still rating Hybris as a low risk, though, and companies such as McAfee.com and F-Secure are claiming to have received only a few phone calls about it.

"There is so much trashy virus material out there," says Rob Rosenberger, virus expert and administrator of Vmyths.com. "This one seems to be one that has the antivirus industry earning their pay for once."

http://www.techtv.com/techtvnews/

-- Martin Thompson (mthom1927@aol.com), November 18, 2000