We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Hybris.gen@mm
Detected by Microsoft Defender Antivirus
Aliases: Win32.Hybris (CA) Hybris (F-secure) W32/Hybris.gen@MM (McAfee) W95.Hybris.gen (Symantec) WORM_HYBRIS (Trend Micro)
Summary
Worm:Win32/Hybris.gen@mm includes both a virus and a worm component. The virus component infects WSOCK32.DLL, enabling the virus to activate when an Internet connection is established. The worm component spreads by monitoring outgoing e-mail traffic and, when a legitimate e-mail is sent, follows that by sending a second email to the same addresses. That email contains a copy of the worm. Worm:Win32/Hybris.gen@mm can download plug-ins via anonymous binary postings made to a particular newsgroup, thus changing the functionality.
Follow us
