Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:Worm/Atak.M
Date discovered:13/12/2012
Type:Worm
In the wild:No
Reported Infections:Low
Distribution Potential:Medium
Damage Potential:Low
Static file:Yes
File size:11.885 Bytes
MD5 checksum:95b9fa3fe126cf8c3144ce62901d47c3
VDF version:7.11.53.216

 General Method of propagation:
   • Email


Aliases:
   •  Symantec: W32.Atak.G@mm
   •  Mcafee: W32/Atak.j@MM
   •  Kaspersky: Email-Worm.Win32.Atak.i
   •  TrendMicro: WORM_ATAK.K
   •  F-Secure: W32/Atak.L@mm
   •  Sophos: W32/Atak-K
   •  Grisoft: I-Worm/Atak.J
   •  VirusBuster: I-Worm.Scroll


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP


Side effects:
   • Uses its own Email engine

 Files It copies itself to the following location:
   • %SYSDIR%\sec5dec.exe



It copies itself within an archive to the following location:
   • %TEMPDIR%\tmp%random character string%.tmp



It deletes the following file:
   • %TEMPDIR%\tmp%random character string%.tmp

 Registry The following registry key is added in order to run the process after reboot:

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
   • "run"="%SYSDIR%\sec5dec.exe"

 Email It contains an integrated SMTP engine in order to send emails. A direct connection with the destination server will be established. The characteristics are described in the following:


From:
The sender address is spoofed.


To:
– Email addresses found in specific files on the system.
 Email addresses gathered from WAB (Windows Address Book)
Email addresses gathered from Yahoo! Messenger
Email addresses gathered from MSN Messenger


Subject:
One of the following:
   • HAPPY X-MAS TO U!
   • X-MAS GREETING!



Body:
– Contains HTML code.

   • Forgive me if I have make some mistake and hope much better next year!
     Happy X-Mas and New Year!
     -----------------------
     http://www.makelovewithspam.com

   • I would like to say Happy X-Mas if you celebrate it and Happy New Year! Be matured not childish!
     -----------------------
     http://www.makelovewithspam.com


Attachment:
The filename of the attachment is one of the following:
   • santa_gift.zip
   • present.zip
   • scroll.zip
   • attached.zip



The email may look like one of the following:



 Mailing Search addresses:
It searches the following files for email addresses:
   • log; html; msg; eml; mht; dbx; asp; php; jsp; htm; txt

 File details Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Sergiu Oprea on Thursday, August 11, 2005
Description updated by Sergiu Oprea on Tuesday, August 30, 2005

Back . . . .