Virus name:   Snow White.

Status:   Real.

Example:   [Collected on the Internet, 2002]

From: Hahaha [hahaha@sexyfun.net] Subject: Snowhite and the Seven Dwarfs - The REAL story! Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and polite with Snowhite. When they go out work at mornign, they promissed a *huge* surprise. Snowhite was anxious. Suddlently, the door open, and the Seven Dwarfs enter...

(This message is accompanied by an attachment with a .SCR or .EXE file extension .)
Origins:   Snow White (also known as W95.Hybris.gen) is a worm activated when a victim receives a message like the one quoted above and executes its attachment. The worm modifies (or replaces) the recipient's wsock32.dll file, then replicates by sending the same message (with a forged return address of hahaha@sexyfun.net to addresses found in the recipient's e-mail (both inbound and outbound messages) or addresses found in web pages browsed by the recipient.

See the links below for more information on how to detect and remove Snow White.

Additional Information:

	W95.Hybris.gen (Symantec Security Response)
	W32/Hybris.gen@MM (McAfee Virus Information Library)

Last updated:   29 January 2008

Urban Legends Reference Pages © 1995-2013 by Barbara and David P. Mikkelson.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.