The Web    Google
12/17: Atak.J Worm Uses Own Engine

12/17: Atak.J Worm Uses Own Engine
December 17, 2004

W32/Atak.j@MM is another variant of the Atak worm family. It bears the following characteristics:

  • harvests email addresses from the victim machine
  • spoofs the From: address
  • constructs messages using its own SMTP engine

    When run, the worm installs itself into the Windows system directory as SEC5DEC.EXE, for example:


    The following Registry key is added to hook system startup:

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion \Windows "run" = C:\WINDOWS\SYSTEM32\SEC5DEC.EXE

    The worm creates a mutex on the victim machine with the following name:


    More information can be found at McAfee page.

  • Application Insecurity --- Who is at Fault?
  • Taking on Cyber Crime's New Mob Ties
  • 5/3: Bbprox-A Trojan Acts as Proxy Server
  • 8/6: Lovgate-F a Mass-Mailing Worm
  • 3/8: Kelvir-D an IM Worm
  • Immunize Your Servers Against Attack
  • Buffer Overflows Patched in RealPlayer
  • 6/21: Korgo-N, O, P Exploit LSASS Flaw
  • VeriSign Intros WS-Security Implementation, Toolkit
  • Guidance Software Pushes Proactive Forensics
  • A Pattern Language For Spam
  • Security Camera Companies and products