Worm Atak

Discussion in 'malware problems & news' started by vserfer, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. vserfer

    vserfer Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    3
    I read about new worm Atak all writes that he can hide when it suspects that antivirus software is trying to detect it. But how virus can do something like this? Maybe someone know techical detail about this threat?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas

    Gladiator forums
     
  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    WORM_ATAK.A is a worm that propagates via email, using its own Simple Mail Transfer Protocol (SMTP) engine. It looks for email recipients in files with specific extensions, in the infected computer. It runs on Windows 95, 98, ME, NT, 2000, and XP.

    Upon execution, this memory-resident worm drops a copy of itself as HINT.EXE in the Windows system folder. This worm modifies the WIN.INI file and the registry, to allow itself to automatically execute at every system startup.

    Using its own SMTP (Simple Mail Transfer Protocol) engine to propagate via email, the worm sends email with the following details:

    From: (any of the following)
    • Andrew
    • george
    • kevin
    Subject: (any of the following)
    • Important Data!
    • Read the Result!
    Message body: Authorized Researcher Only.

    Attachment: (any of the following)
    • A .zip
    • <3-7 random lower-case characters>.zip.
    Using double extension names with many spaces in between them, the file contained in the .ZIP attachment is made to appear as a picture file (example: ABCD.GIF. EXE).

    The worm obtains target recipients’ email addresses from files with the following extensions found in the local machine:

    ADB, ASP, CFG, CGI, DBX, EML, HTM, HTM, JSP, LOG, MBX, MHT, MSG, NCH, ODS, PHP, PL, SHT, TBB, TXT, UIN, VBS, WAB, XML

    If you would like to scan your computer for WORM_ATAK.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

    WORM_ATAK.A is detected and cleaned by Trend Micro pattern file #937 and above.
     
Loading...
Thread Status:
Not open for further replies.