A second variant of the Atak worm, which goes to sleep to avoid detection by antivirus software, has been linked to an al-Qaeda sympathiser who once threatened to release a powerful worm if the United States attacked Iraq.
Romanian antivirus company Bitdefender claims the worm's author has signed his nickname into an encrypted part of the worm's code.
Mihai Radu, communications manager at BitDefender, said the virus, discovered Friday, is signed by Melhacker, which is the moniker of a Malaysian-based coder called Vladimor Chamlkovic, who in 2002 threatened to release an "uber-worm" if the United States attacked Iraq.
Mikko Hypponen, director of antivirus research at Finnish company F-Secure, said it is possible that Melhacker wrote Atak.B but that doesn't mean it has anything to do with al-Qaeda.
"I think there's no proof anywhere that Melhacker is in any way associated with al-Qaeda. He might want to be, though," said Hypponen.
According to Radu, Atak.B is a mass-mailing worm that tries to turn off the most popular antivirus and firewall applications and then open a back door to give control of the system to the author. Like its predecessor, the worm attempts to avoid being detected by antivirus researchers by going to sleep when scanned.