Security Researchers Debunk Atak Worm-Al Qaeda Link

There may be more hype than hubbub with the release of Atak.B worm, security researchers say, discounting reports of a Al Qaeda link to the exploit.

A new variant of the Atak worm, initially dubbed Atak.B, has been reported by most antivirus companies. However, the buzz around the malware—with its reported connection to the terrorist group Al Qaeda—may be greater than the threat itself, security professionals observed.

Security researchers generally categorized the threat level of this new variant as low, thanks in part to the minimal risk presented by the original Atak.A worm. Either variant affects only PCs running Windows 95 through Windows XP.

Initial awareness of the worm was sparked by a press release from Budapest, Romania-based Bitdefender, the trade name for Softwin SRLs antivirus product lines. In the release, a company spokesperson intimated that the worm was written by a Malaysian hacker who had once claimed he would release a potent worm should the United States attack Iraq. Some have taken this to imply a connection between the hacker and the terrorist group Al Qaeda.

However, while a record of a link between the hacker and organized groups has yet to be uncovered, several antivirus companies have found no signature in the Atak.B worm leading to any particular author.

Vincent Gulotto, the vice president of Santa Clara, Calif.-based McAfee Inc.s Antivirus and Vulnerability Emergency Response Team (AVERT), said that the companys researchers had not seen any evidence of an authors signature.

"Is it possible it was written by a terrorist? Sure. Is it possible it was written by the guy who plays Mickey Mouse at Disneyland? Sure," he said.

/zimages/6/28571.gifFor insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

Gulotto also dismissed any worry that Atak.B would have any significant effect on security. "Bagle.AF is a hundred times more prevalent," he said, noting that hed seen no samples of Atak.B in the wild.

/zimages/6/28571.gifClick here to read more about the Friday release of Bagle.AF.

"Any real damage would be done by someone getting into the infrastructure," he said, not by a worm writer. "Something designed like this is nothing different," he added, saying Atak.B has little chance of being nearly as damaging as the MyDoom or SoBig viruses.

According to the security site Secunia, the first company to file a report on Atak.B was by Panda Software SL, which has headquarters Glendale, Calif. Panda described Atak.B as a worm that propagates through e-mail and peer-to-peer file sharing programs.

Once present on a PC, Atak.B seeks out and terminates "certain processes," according to Panda. Among these targeted processes are not only antivirus software and firewalls, but adware, spyware, and other worms. So far, there are no concrete reports of Atak.B successfully disabling other viruses.

Still, despite its attempts to kill other malicious pieces of software, the Atak.B worm open to all other attacks, thanks to its disabling of firewalls and antivirus applications.

/zimages/6/28571.gifCheck out eWEEK.coms Security Center at for the latest security news, reviews and analysis.


Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page