Meet the Sonic Worm
from The Zone Alarm
December 19, 2000

The not-so-cuddly gift you don't want to give (or receive) this Christmas.

It was the night before Halloween and something nasty was about to go bump on the net. On the cold October 30th morning, anti-virus researchers in a Moscow lab were busy dissecting an alarming new virus that had just been discovered in France and was quickly spreading across the border into neighboring Germany.

Sonic the Internet Worm heralded a disturbing new generation of computer virus. A smart stealth virus that was designed not to cause mayhem, havoc, or global disruption, but to quietly find a home in the user's computer, invite its more potent master to join it, and slowly take over control of the computer.

Smart viruses are not new. But they are becoming more powerful and more widespread, and represent an entirely new type of challenge to computer users.

Sonic has two personalities - the first is the slave that infects the user's computer and finds a safe place to lodge. Once settled in it makes a call across the Internet to its master, or main module, and the master downloads a more virulent payload.

The master is the smart part of the troublesome tag team, and has four main objectives:

  1. To steal data from the user's computer (like passwords, credit card numbers, and financial data).
  2. To track the user's behaviour - to see which sites they visit, what networks they connect to, how they identify themselves to other computers etc.
  3. To infect other computers by spreading through the user's email address book.
  4. To ultimately take control of the user's computer.

The most alarming feature of Sonic is its ability to take instructions from its creator, who may live on the other side of the world. Sonic can also be directed to perform specific tasks (like deleting all financial records the day before tax filing), and it can even be updated and modified to evade anti-virus mechanisms and reside in the host for years. Sonic can also accept delivery of even more lethal payloads from its creator.

While Sonic is still considered a low risk by security experts - meaning it's not spreading like wildfire and should be detected by most good anti-virus products - that's little consolation if a user has already been infected. The biggest problem for the user is discovering they've been infected.

Sonic is also a warning sign of how potent and dangerous viruses have become, and that their creators are becoming more skilled and ambitious. They're also more focused, and more interested in quietly stealing data than crashing our computers or clogging our email.

With the holiday buying season approaching, the risks from the pesky critters increase dramatically. Sonic can hide in electronic greeting cards and cartoons, sent innocently by family, friends, co-workers, and customers. It can hide in email invitations. It can hide in bogus receipts from online stores that ask for confirmation of a $350 purchase you didn't make. Or it can hide in electronic requests for help from a bogus Christmas charity.

Perhaps the biggest threat from Sonic is its ability to tamper with and steal our identity, targeting bank account details, social security numbers, passwords, and access to our employer's computers.

The best defense against viruses like Sonic is vigilance. Be aware and suspicious. Be cautious about opening electronic greeting cards or cartoons, and about sending them. Don't open email attachments from people or organizations you don't know. And don't fall for last-minute email offers - on gifts, electronics, holiday travel, etc. - that appear just too good to be true.

If you're going to spend any money on yourself this Christmas, invest in a good anti-virus product that is regularly updated (like PC-cillin from our anti-virus partner Trend Micro). And if you're already a ZoneAlarm or ZoneAlarm Pro user, Sonic is unlikely to be able to spirit your data across the Internet, and you will get a warning if the intruder even tries.

Whatever anti-virus product you use, make sure it's up-to-date (the vendor should be able to tell you whether or not it blocks Sonic - check their web site).

Don't be the next innocent user to let Sonic in the door this Christmas - remember, the bug stops here!
