- Related Stories
-
Worm sleeps to avoid detection
July 13, 2004 -
Plugging holes against cyberattacks
February 26, 2004 -
E-terrorism: Digital myth or true threat?
August 26, 2002 -
The FBI's cybercrime battle
June 19, 2002
special report
E-terrorism
Digital myths diverting
eyes from true threats?
Romanian antivirus company Bitdefender claims the worm's author has signed his nickname into an encrypted part of the worm's code.
Mihai Radu, communications manager at BitDefender, said the virus, discovered Friday, is signed by Melhacker, which is the moniker of a Malaysian-based coder called Vladimor Chamlkovic, who in 2002 threatened to release an "uber-worm" if the United States attacked Iraq.
Mikko Hypponen, director of antivirus research at Finnish company F-Secure, said it is possible that Melhacker wrote Atak.B but that doesn't mean it has anything to do with al-Qaida.
"I think there's no proof anywhere that Melhacker is in any way associated with al-Qaida. He might want to be, though," said Hypponen.
According to Radu, Atak.B is a mass-mailing worm that tries to turn off the most popular antivirus and firewall applications and then open a back door to give control of the system to the author. Like its predecessor, the worm attempts to avoid being detected by antivirus researchers by going to sleep when scanned.
Hypponen said Melhacker has released several viruses, including Nedal ("Laden," as in Osama bin Laden, backward) and Blebla. In a 2002 interview with U.S.-based Computerworld Magazine, Melhacker said he had combined the worst of the Nimda, Klez and SirCam viruses to create a superworm called Scezda. At the time, he said the worm was written and ready to be released, but so far it has not materialized.
Munir Kotadia of ZDNet UK reported from London.
