BitDefender sees Al-Qaeda link in new Atak worm

The 'smart' worm that sleeps when scanned has sprouted a variant that appears to be written by someone claiming links to Al-Qaeda, according to antivirus firm BitDefender

A second variant of the Atak worm, which goes to sleep to avoid detection by antivirus software, has been linked to an Al-Qaeda sympathiser who once threatened to release a powerful worm if the US attacked Iraq.

Romanian antivirus firm Bitdefender claims the worm's author has signed his nickname into an encrypted part of the worm's code.

Mihai Radu, communications manager at BitDefender, told ZDNet UK that the virus, discovered on Friday,  is signed by Melhacker, which is the moniker of a Malaysian-based coder called Vladimor Chamlkovic, who in 2002 threatened to release an "uber-worm" if the US attacked Iraq.

Mikko Hyppönen, director of antivirus research at Finnish company F-Secure, said it is possible that Melhacker wrote Atak.B but that doesn't mean it has anything to do with Al-Qaeda.

"I think there's no proof anywhere that Melhacker is in any way associated with Al-Qaeda. He might want to be, though," said Hyppönen.

According to Radu, Atak.B is a mass-mailing worm that tries to turn off the most popular antivirus and firewall applications and then open a backdoor to give control of the system to the author. Like its predecessor, the worm attempts to avoid being detected by antivirus researchers by going to sleep when scanned.

Hyppönen said Melhacker has released several viruses, including Nedal (Laden backwards) and Blebla. In a 2002 interview with US-based Computerworld Magazine, Melhacker said he had combined the worst of the Nimda, Klez and SirCam viruses to create a super worm called Scezda. At the time, he said the worm was written and ready to be released, but so far it has not materialised.