News

Hacker Claims Credit to 'Here You Have' Virus in YouTube Video

In a video posted to YouTube on Sunday, a hacker by the name of "Iraq resistence" has taken credit for the "Here You Have" e-mail virus and has stated the worm has "… affected NASA, Coca-Cola, Google and most American [companies]." 

The video, posted with a computerized female voice, cites America's foreign policy, specifically with regards to Iraq, for the reason behind the individual unleashing the malware into the public. The anonymous person also went on to criticize the U.S. media for calling the hacker in question a terrorist and not giving Terry Jones, the Florida preacher who had planned to host a Koran burning on the anniversary of 9/11, the same label.  

Written in Visual Basic and time stamped 9/3/2010, the malware sends out e-mails that provides a link to a supposed PDF file or video. The link then redirects users to an executable file that installs the virus and an autorun.inf file to local drives. Once installed, it attempts to disable any antivirus software and then sends e-mails to a link to the virus to all contacts in a user's Outlook address book.

According to a Microsoft Malware Protection Center (MMPC) blog posting, the worm has spread through many U.S. enterprises through their Outlook system.

"As more machines on a corporate network are infected, more and more e-mail is sent around on the local network, which can cause mail server performance degradation. The threat also sends back information about the compromised system, specifically IP addresses and system information via a built-in SMTP/ESMTP (mail-transfer) engine," Microsoft commented in the MMPC blog entry.

As of Friday, the link that leads to the malware has been deactivated. However, Microsoft warns the threat of corporate inboxes being filled by e-mails coming from corrupted computers is still taking place. They also point out that the majority of personal computer users have not been hit by the worm, with 98 percent of reported affected systems coming from "business environments."

The "Here you have" virus is very reminiscent of earlier malware sent through e-mail that was largely predominant ten years ago, like the "iloveyou" worm. However, unlike the 2000 virus that automatically installed on a user's computer when the e-mail was simply opened, the "Here you have" worm was accessed only by clicking on the link provided in the e-mail body.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.