W32.Sondia


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Jul 2006
Damage: Low

Characteristics: The W32.Sondia program is a worm that multiplies over network shares and floppy disks.

More details about W32.Sondia

The W32.Sondia program is a worm that multiplies over network shares and floppy disks. When the W32.Sondia worm is opened, it duplicates itself as “C:WINDOWSSYSTEM32sound.exe”, “C:WINDOWSsound.exe”, and “C:WINDOWSSYSTEMsound.exe”. Then the worm duplicates itself to drives as “Premiya.exe”, “Otkrytka.exe”, “Internet.exe”, “AdultFree.exe”, “Telefone.exe”, “Hacker.exe”, “1C.exe”, “Spravochnik.exe”, “Foto.exe”, “Tetki best.exe”, “Kompromat.exe”, “Telefons baza.exe”, “Patoli.exe”, “CityBank.exe”, “Playboy_ONLINE.exe”, “Fashion.exe”, “MP3 web-arhiv.exe”, “2.exe”, and “Playgerl.exe”. The worm shows icons for these .exe files in the “Winword” icon, so that the user is fooled into thinking that they are “Word” files.

The W32.Sondia worm is considered malware by security experts because of the undesirable consequences it produces to the affected computer. The application disables computer security settings and makes possible the sharing of sensitive and personal information to unknown or unauthorized users. This program can also create unsolicited changes in the system files or even erase these files from the computer itself without the user even knowing it. Moreover, the program consumes too much system resources to such point the user experiences a marked reduction in system speed and performance.