Sonic The Worm Hits PC Industry

You may have heard of Sonic the Hedgehog, the popular console game, but
now get ready for Sonic the virus. No, it's not a game, but a real
virus, and the bad news is that the wretched program is
self-updating.
Kaspersky Labs reported that the worm was discovered Monday in France
and Germany "in the wild," and, judging from today's reports from the
IT security industry, it looks like the virus is spreading quickly
around the world.
The Russian anti-virus specialist said that the distinctive feature
of the malicious program is its ability to update itself - i.e. to
automatically download additional component functionality via the
Internet.
The worm consists of two parts - the loader and the main module.
Copies of the loader are being distributed across the Internet by
e-mail.
Kaspersky said that once the virus penetrates the PC's operating
system, it initiates a connection to the hacker's site on the
Geocities free Web hosting server.
From here Sonic tries to illegally download the main module and
install it on the infected PC. Unfortunately, the procedure for
downloading the main module has been built in such a way that the
worm's author can define its content.
The main purpose of the main module is unauthorized data capture,
tracking all the users' activities and gaining remote control over
the infected computer - this is known as backdoor functionality,
Newsbytes notes.
Kaspersky Lab said it believes that the worm author can easily replace
the main module's payload with possibly much more dangerous and
destructive content.
After the main module is installed, the worm secretly gains access to
the Windows address book (WAB), extracts the e-mail addresses stored
there and sends infected messages, containing copies of the
worm's loader, to every recipient it finds.
Denis Zenkin, head of communications for the Moscow-based IT security
firm, said that this is not the first case involving a self-updating
malicious application.
"Before Sonic, the Babylonia virus and the Resume worm had the same
capabilities," he said, adding that what is disturbing is that this
feature appears to have become a new standard for malicious programs,
since more and more of them can update themselves via the Internet.
"This is a very dangerous trend as it allows hackers to extend their
malware's abilities in real-time with direct connection to the
infected computers," he said.
Kaspersky has posted details on Sonic to its virus encyclopaedia at
http://www.viruslist.com.
The firm's main site is at http://www.kaspersky.com