Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:720 |
Message | Virus - SnowWhite Trojan Incoming |
Summary | This event is generated when email that may contain an attachment carrying the Snow White worm is received from a Post Office Protocol (POP) server. |
Impact | Possible system compromise. The worm can alter system files and registry key settings. |
Detailed Information | The Snow White worm, also known as Hybris, may contain text with the unique misspelling "Suddlently". This worm attempts to write to the wsock32.dll library. It may also attempt to alter registry key settings. |
Affected Systems | Microsoft Win32 systems. |
Attack Scenarios | The worm is spread by e-mail and attempts to infect other hosts when a user opens the e-mail attachment. |
Ease of Attack | Simple |
Corrective Action | Make sure that the suspected infected host has the most current anti-virus software. Run a virus scan on the suspected infected host. |
Additional References | F-Secure: http://www.f-secure.com/v-descs/hybris.shtml |
--
DID:591552