Panda Alert: Three variants of Atak worm

Discussion in 'malware problems & news' started by Randy_Bell, Dec 16, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    - ORANGE ALERT: Three variants of the Atak worm join Zafi.D
    in wishing users a "Merry Christmas" -
    Virus Alerts, by Panda Software ( ​

    MADRID, December 15, 2004 - PandaLabs has detected the appearance of variants H, I and J of the Atak worm, which spread in messages that pass themselves off as Christmas greetings. These are similar to the Zafi.D worm, which appeared yesterday and also uses the same type of social engineering technique to spread.

    The new variants of the Atak worm are very similar to one another; only differing in aspects like the size of the file attached to infected email messages. However, due to a programming error, Atak.J cannot send itself out. Panda Software clients who already have the new TruPrevent Technologies installed have been protected against all of these malicious code since they first emerged, as these preventive technologies have been able to detect and block them without needing to be able to identify them first (more information about the new TruPrevent Technologies at

    The new variants of Atak reach computers in email messages with the subject Merry X-Mas! or Happy New Year! and the message text Happy New year and wish you good luck on next year! or Mery Chrismas & Happy New Year! 2005 will be the beginning! What's more, the address of the sender of the messages is spoofed, as they use the addresses they collect from other infected computers. The attachment is always compressed in zip and contains a file that could be called bat, com, pif or scr. If the user runs this file, the worms create copies of themselves in the Windows system directory under the name dec25.exe. At the same time, they use their own SMTP engine to send themselves out to all the addresses they find in files with certain extensions stored on the affected computer.

    "We are witnessing an attempted -we don't know if it is organized or not-, to saturate users' inboxes with a huge number of virus infected Christmas greetings. This is obviously a significant threat to computers that are not properly protected, as the probability of being hit by one of these new malicious code is very high, especially considering that at this time of the year, it is not unusual to receive a large amount of emails of this kind. However, it is also possible that, over the next few hours, other viruses that use the same technique will appear. For this reason, it is highly recommendable to take precautions when opening email messages," explains Luis Corrons, head of PandaLabs.

    The Zafi.D worm, which spreads in a message with the text Happy holidays! written in the language of the recipient of the email, is still spreading around the globe and causing incidents in users' computers. In fact, it has been the virus most frequently detected by the free online antivirus Panda ActiveScan for a few hours now. What's more, the difference between the percentage of detections of this worm and the second malicious code in the ranking is growing. To prevent Zafi.D from reaching epidemic levels, Panda Software has released its free PQREMOVE utility, which detects and eliminates Zafi.D from all the computers it may have infected. This tool can be downloaded from:

    Due to the high possibility of being infected by Zafi.D or the new variants of Atak, Panda Software advises users to take precautions with any email messages they receive and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect these new malicious code.

    Panda Software's clients can already access the updates for installing the new TruPrevent Technologies along with their antivirus protection, providing a preventive layer of protection against these and other new malicious code. For users with a different antivirus program installed, Panda TruPrevent Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPrevent Technologies at

    In addition, users can scan their computers online for free with Panda ActiveScan, available at

    For further information about the Atak and Zafi.D worms, visit Panda Software's Virus Encyclopedia at:
Thread Status:
Not open for further replies.