Internet Worm Found in Europe Updates Itself

[London, ENGLAND] A new Internet worm discovered in France and
Germany this week can update itself with new functionality, warns
anti-virus software company Kaspersky Lab.

The worm, named Sonic, consists of two parts — a loader and a
main module. Arriving via e-mail, the loader penetrates the
PC’s operating system and automatically connects to a
hacker’s site on Geocities, from which it downloads the
main module.

Gaining what is known as “backdoor functionality” — remote
control of the user’s computer — the main module can not only
track all the user’s activities but also has the potential to
be extremely destructive. This, says Kaspersky, is because
the loader can return to the hacker’s site for more code.

Denis Zenkin, head of corporate communications for Russia-based
Kaspersky Lab, said it was not the first time malicious code
with a self-updating ability had appeared on the Internet. Prior
to Sonic were the so-called “Babylonia virus” and the
“Resumé worm” which had similar capabilities.

“However, this is not something that catches our attention at
the moment. What is more disturbing is that this feature appears
to have become a new standard for malicious programs, since more
and more of them can update themselves via the Internet,” said
Zenkin.

Zenkin added that this is a very dangerous trend as it allows
hackers to extend their “malware’s abilities” in real time with
a direct connection to the infected computers.

Malware? Before stopping to admire the sheer poetry of computer
jargon, users may wish to find out more about the new worm
by checking Kaspersky’s Virus Encyclopedia at viruslist.com.

In the version of the worm found in Europe on Monday, the
main module gains access to the Windows address book, extracts e-mail
addresses, and sends an infected message containing a copy of the loader
to each address.

The message in the first versions of the worm bears the subject line
“Choose your poison” — and comes with an attachment named GIRLS.EXE.

Clearly, users must be alert for other messages, given the self-updating
capabilities of the worm.
