12/17: Atak.J Worm Uses Own Engine
December 17, 2004

W32/Atak.j@MM is another variant of the Atak worm family. It bears the following characteristics:

  • harvests email addresses from the victim machine
  • spoofs the From: address
  • constructs messages using its own SMTP engine

    When run, the worm installs itself into the Windows system directory as SEC5DEC.EXE, for example:


    The following Registry key is added to hook system startup:

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" = C:\WINDOWS\SYSTEM32\SEC5DEC.EXE
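
A defender-side check for the file name and startup value described above, written as an added example that is not part of the original advisory. It goes beyond the page by assuming you also want to inspect every loaded user hive under HKEY_USERS (the hook is per-user) and the SysWOW64 directory on 64-bit Windows; the variable names are illustrative.

```powershell
# Added example (not from the advisory): look for the two Atak.j artefacts the page names.
$FileName = 'SEC5DEC.EXE'                                          # file name from the advisory
$SubKey   = 'Software\Microsoft\Windows NT\CurrentVersion\Windows' # key from the advisory

# The startup hook is per-user (HKCU), so inspect every user hive currently
# loaded under HKEY_USERS, not only the account running the script.
# Reading other users' hives normally requires an elevated session.
$runHits = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    # Keep account SIDs only; skip service SIDs and the *_Classes hives.
    if ($hive.PSChildName -notmatch '^S-1-5-21-[\d-]+$') { continue }
    $path  = "Registry::HKEY_USERS\$($hive.PSChildName)\$SubKey"
    $value = (Get-ItemProperty -Path $path -Name 'run' -ErrorAction SilentlyContinue).run
    if ($value -and $value -like "*$FileName*") {
        [pscustomobject]@{ Sid = $hive.PSChildName; Value = 'run'; Data = $value }
    }
}

# The file itself: the native system directory, plus SysWOW64, which is where
# 64-bit Windows redirects System32 access made by a 32-bit process.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64')) |
    Select-Object -Unique
$fileHits = foreach ($dir in $dirs) {
    $candidate = Join-Path $dir $FileName
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        # -Force so a hidden or system attribute does not hide the file.
        Get-Item -LiteralPath $candidate -Force |
            Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
    }
}

if ($runHits -or $fileHits) {
    'Atak.j indicators found:'
    $runHits  | Format-List
    $fileHits | Format-List
} else {
    "No '$FileName' file or matching 'run' value found for the loaded user hives."
}
```

Profiles that are not logged on have no hive loaded under HKEY_USERS, so a clean result here does not cover them.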

    The worm creates a mutex on the victim machine with the following name:


    More information can be found on the McAfee page.
