News

Hacker Claims Credit to 'Here You Have' Virus in YouTube Video

In a video posted to YouTube on Sunday, a hacker by the name of "Iraq resistence" has taken credit for the "Here You Have" e-mail virus and has stated the worm has "… affected NASA, Coca-Cola, Google and most American [companies]." 

The video, posted with a computerized female voice, cites America's foreign policy, specifically with regards to Iraq, for the reason behind the individual unleashing the malware into the public. The anonymous person also went on to criticize the U.S. media for calling the hacker in question a terrorist and not giving Terry Jones, the Florida preacher who had planned to host a Koran burning on the anniversary of 9/11, the same label.  

Written in Visual Basic and time stamped 9/3/2010, the malware sends out e-mails that provides a link to a supposed PDF file or video. The link then redirects users to an executable file that installs the virus and an autorun.inf file to local drives. Once installed, it attempts to disable any antivirus software and then sends e-mails to a link to the virus to all contacts in a user's Outlook address book.

According to a Microsoft Malware Protection Center (MMPC) blog posting, the worm has spread through many U.S. enterprises through their Outlook system.

"As more machines on a corporate network are infected, more and more e-mail is sent around on the local network, which can cause mail server performance degradation. The threat also sends back information about the compromised system, specifically IP addresses and system information via a built-in SMTP/ESMTP (mail-transfer) engine," Microsoft commented in the MMPC blog entry.

As of Friday, the link that leads to the malware has been deactivated. However, Microsoft warns the threat of corporate inboxes being filled by e-mails coming from corrupted computers is still taking place. They also point out that the majority of personal computer users have not been hit by the worm, with 98 percent of reported affected systems coming from "business environments."

The "Here you have" virus is very reminiscent of earlier malware sent through e-mail that was largely predominant ten years ago, like the "iloveyou" worm. However, unlike the 2000 virus that automatically installed on a user's computer when the e-mail was simply opened, the "Here you have" worm was accessed only by clicking on the link provided in the e-mail body.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • New Office App Coming to Windows 10 Users

    Microsoft is delivering a new Office app for Windows 10 consumer and business users over the new few weeks, according to a Wednesday announcement.

  • Microsoft Warns .NET Core 1.0 and 1.1 Losing Support in June

    Microsoft gave notice this week that .NET Core 1.0 and 1.1 will fall out of support on June 27, 2019.

  • Microsoft Publishes Windows Deadlines on Upgrading to SHA-2

    Microsoft on Friday described its 2019 timeline for when it will start distrusting Secure Hash Algorithm-1 (SHA-1) in supported Windows systems, as well as in the Windows Server Update Services 3.0 Service Pack 2 management product.

  • Performing a Storage Refresh on Windows Server 2016, Part 1

    To spruce up some aging lab hardware, Brien decided to make the jump to all-flash storage. Here's a walk-through of the first half of the process.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.