GEN:SID | 1:720 |
Message | Virus - SnowWhite Trojan Incoming |
Summary | This event is generated when email is received from a Post Office Protocol (POP) server that may contain an attachment with the Snow White worm.
|
Impact | Possible system compromise. The worm can alter system files and registry key settings.
|
Detailed Information | The Snow White worm, also known as Hybris, may contain text with a unique misspelling of "Suddlently". This worm attempts to write to the wsock32.dll library. It may also attempt to alter registry key settings.
|
Affected Systems | Microsoft Win32 systems.
|
Attack Scenarios | The worm is spread by e-mail and attempts to infect other hosts when a user opens the e-mail attachment.
|
Ease of Attack | Simple
|
Corrective Action | Make sure that the suspected infected host has the most current anti-virus software.
Run a virus scan on the suspected infected host.
|
Additional References | F-Secure: http://www.f-secure.com/v-descs/hybris.shtml
|