Hacker Claims Credit to 'Here You Have' Virus in YouTube Video -- Redmondmag.com

Hacker Claims Credit to 'Here You Have' Virus in YouTube Video

By Chris Paoli
09/13/2010

In a video posted to YouTube on Sunday, a hacker by the name of "Iraq resistence" has taken credit for the "Here You Have" e-mail virus and has stated the worm has "… affected NASA, Coca-Cola, Google and most American [companies]."

The video, posted with a computerized female voice, cites America's foreign policy, specifically with regards to Iraq, for the reason behind the individual unleashing the malware into the public. The anonymous person also went on to criticize the U.S. media for calling the hacker in question a terrorist and not giving Terry Jones, the Florida preacher who had planned to host a Koran burning on the anniversary of 9/11, the same label.

Written in Visual Basic and time stamped 9/3/2010, the malware sends out e-mails that provides a link to a supposed PDF file or video. The link then redirects users to an executable file that installs the virus and an autorun.inf file to local drives. Once installed, it attempts to disable any antivirus software and then sends e-mails to a link to the virus to all contacts in a user's Outlook address book.

According to a Microsoft Malware Protection Center (MMPC) blog posting, the worm has spread through many U.S. enterprises through their Outlook system.

"As more machines on a corporate network are infected, more and more e-mail is sent around on the local network, which can cause mail server performance degradation. The threat also sends back information about the compromised system, specifically IP addresses and system information via a built-in SMTP/ESMTP (mail-transfer) engine," Microsoft commented in the MMPC blog entry.

As of Friday, the link that leads to the malware has been deactivated. However, Microsoft warns the threat of corporate inboxes being filled by e-mails coming from corrupted computers is still taking place. They also point out that the majority of personal computer users have not been hit by the worm, with 98 percent of reported affected systems coming from "business environments."

The "Here you have" virus is very reminiscent of earlier malware sent through e-mail that was largely predominant ten years ago, like the "iloveyou" worm. However, unlike the 2000 virus that automatically installed on a user's computer when the e-mail was simply opened, the "Here you have" worm was accessed only by clicking on the link provided in the e-mail body.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.