July 2004
Under Atak
New mass mailer proves difficult to read
There's a new mass mailer in town, and it's built to make the work of analysts even more difficult than it already is.
The new meanie, which goes by the name of Atak, uses a few nifty tricks to escape analysis. First and foremost, it checks to see if it's being run in a debugging environment, and exits to avoid detection. This prevents casual perusal of the code by researchers and rival script kiddies alike.
Moreover, a possible bug (related to the way it checks for the activation date) prevents it from being run in a "sandbox" (a virtual test tube, used by researchers to observe the behavior of malware).
"I haven't seen such ruses used in a mass mailer in a long time. This piece of code is so sloppy, it's devious." declared Mircea Ciubotariu, BitDefender antivirus researcher.
Other than that, the virus makes a thorough job of scanning for valid e-mails, by checking (among others) even for the archives of the Moldavian-built "The Bat" mail client.
"I can't tell for sure where the writer is from, but there are some clues and hints of his whereabouts." Ciubotariu concluded.
Further information about the new virus is available in the BitDefender virus encyclopedia.
About Bitdefender®
Bitdefender is the creator of one of the world's fastest and most effective lines of internationally certified internet security software.Since 2001, the company has been an industry pioneer, introducing and developing award-winning protection. Today, Bitdefender technology secures the digital experience of around 400 million home and corporate users across the globe.
Recently, the company has won a range of key independent recommendations in the US, UK and across Europe, including ConsumerSearch, Which?, Stiftung Warentest and Taenk. Bitdefender antivirus technology has also finished top in leading industry tests from both AV Test and AV-Comparatives. More information about Bitdefender's antivirus products is available from the company's security solutions press room. Additionally, Bitdefender publishes Malware City providing the latest updates on security threats and helping users stay informed in the everyday battle against malware.