HYBRIS WORM
This has to be one of the most advanced worms out in the wild to date. It uses a 128bit RSA encryption loop matched with semi-polymorphic properties. The worm tries to infect wsock32.dll library and writes itself to the end of last file section - hooks "connect" , "recv" , and "send" functions. While the dll is being loaded the worm encrypts the original entry routine. The worm sniffs on WSOCK32.dll for emails, when it locates an email it will attempt to email a copy of itself to that address. This worm has plugin support. So far 32 different plugins have been located for this worm.