Sonic.Worm Approaching


mriya225
2nd Nov 2000, 07:59
Just got this virus alert and wanted to share it with you all:

A newly discovered virus is spreading throughout Europe and may threaten the United States. Sonic.Worm is an e-mail virus that keeps itself up-to-date by downloading enhancements from a web site.
"Win32.Sonic.56 can act as a backdoor to allow a hacker access to your PC..."
An Invasion Possible:
Most major anti-virus software manufacturers, such as Symantec and Computer Associates, are getting reports of Sonic.Worm infections from France and Germany and a small number of reports from Canadian provinces. Although it is undetermined how many PCs in the United States are infected, all e-mail viruses should be treated with an ounce of prevention since they tend to be very prolific.
The Perpetrator:
Sonic.Worm will arrive as an e-mail message that has the following subject:


Choose Your Poison, or I'm your poison


The virulent part of the e-mail is an executable attachment named:


girls.exe, or lovers.exe


If you are unlucky enough to launch the executable, the following text will be displayed in a Windows message box:


"girls.exe is not a valid Win32 application.", or "lovers.exe is not a valid Win32 application."


Sonic will copy itself to the Windows system directory as a file called GDI32.exe and install itself in the System Registry under the Run key as HKLM\Software\Microsoft\Windows\CurrentVersion\Run "GDI"=C:\Windows\System\GDI32.exe
Once the file loads to your system it tries to update itself with a file called "Lastversion.txt" from www.geocities.com. The text file that is downloaded is non-virulent. It contains information telling Sonic.Worm what the latest version of the virus is. For example, if "Lastversion.txt" contains the number 52, a file named 52.zip is downloaded and used to update Sonic.Worm to the most current version.
Note: According to sources at Computer Associates, the latest version, Win32.Sonic.56, can act as a backdoor to allow a hacker access to your PC. Once they have admission to your PC, they can steal passwords or manipulate files contained on your hard drive.
http://updates.zdnet.com/articles/ax_51127.htm (article)

Source: www.zdnet.com
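
The indicators listed in the alert above, turned into a small Python check for a mail gateway and for a Run-key listing. This is an added example, not part of the original posts or the ZDNet alert; the function names, the sample message and the `reg query`-style listing format are assumptions constructed for illustration, and the check goes slightly beyond the alert by also flagging any other .exe attachment for review.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Indicators taken from the alert text in the post above.
SUBJECTS = {"choose your poison", "i'm your poison"}
ATTACHMENTS = {"girls.exe", "lovers.exe"}
RUN_NAME, RUN_TARGET = "gdi", "gdi32.exe"  # the real GDI32 is a .dll, never an .exe
REG_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")  # assumed listing format

def check_message(raw: bytes) -> list:
    """Return the alert's mail indicators found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in SUBJECTS:
        hits.append("subject:" + subject)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".exe"):  # not named in the alert, still worth review
            hits.append("executable:" + name)
    return hits

def check_run_key(listing: str) -> list:
    """Scan a Run-key listing for the GDI -> GDI32.exe autostart entry."""
    hits = []
    for line in listing.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(3).strip().strip('"')
        if name.lower() == RUN_NAME or PureWindowsPath(data).name.lower() == RUN_TARGET:
            hits.append("run:%s=%s" % (name, data))
    return hits

def sample_message(subject: str, filename: str) -> bytes:
    """Build a constructed test message; the attachment bytes are inert filler."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(b"inert", maintype="application",
                       subtype="octet-stream", filename=filename)
    return bytes(msg)

SAMPLE_RUN = ("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
              "    SystemTray    REG_SZ    SysTray.Exe\n"
              "    GDI    REG_SZ    C:\\Windows\\System\\GDI32.exe\n")  # constructed
```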

ExSimGuy
7th Nov 2000, 12:46
(as much to get this back nearer the top as anything else)

DON'T run attachments unless you really trust them!!

------------------
---- "Per Ardua ad Mixas" ----
(Through hardship to the bars)