'Atak' worm variant linked to al-Qaida sympathizer
Variant of "smart" worm that sleeps to avoid antivirus scans bears signature of hacker who's claimed support for the group.
 | ||||
| | | ||
| special report  Digital myths diverting eyes from true threats? | | ||
| ||||
| ||||
Romanian antivirus company Bitdefender claims the worm's author has signed his nickname into an encrypted part of the worm's code.
Mihai Radu, communications manager at BitDefender, said the virus, discovered Friday, is signed by Melhacker, which is the moniker of a Malaysian-based coder called Vladimor Chamlkovic, who in 2002 threatened to release an "uber-worm" if the United States attacked Iraq.
Mikko Hypponen, director of antivirus research at Finnish company F-Secure, said it is possible that Melhacker wrote Atak.B but that doesn't mean it has anything to do with al-Qaida.
"I think there's no proof anywhere that Melhacker is in any way associated with al-Qaida. He might want to be, though," said Hypponen.
According to Radu, Atak.B is a mass-mailing worm that tries to turn off the most popular antivirus and firewall applications and then open a back door to give control of the system to the author. Like its predecessor, the worm attempts to avoid being detected by antivirus researchers by going to sleep when scanned.
Hypponen said Melhacker has released several viruses, including Nedal ("Laden," as in Osama bin Laden, backward) and Blebla. In a 2002 interview with U.S.-based Computerworld Magazine, Melhacker said he had combined the worst of the Nimda, Klez and SirCam viruses to create a superworm called Scezda. At the time, he said the worm was written and ready to be released, but so far it has not materialized.
Munir Kotadia of ZDNet UK reported from London.