Thursday, September 23, 2010

FBI Investigating 'Here You Have' Worm

Via PC World -

The FBI has launched an investigation into the "Here you have" worm, which disrupted corporate e-mail systems in the U.S. two weeks ago.

Representatives from the FBI's Miami field office spoke with IDG News Service this week seeking information on the hacker behind the worm. A hacker using the name Iraq Resistance has exchanged a number of e-mails with IDG over the past two weeks discussing the incident.

"Here you have" was a big deal in North America, temporarily gumming up e-mail systems in large organizations such as Disney, Procter & Gamble and NASA. On the day it was unleashed it accounted for between 6 percent and 14 percent of all spam on the Internet, according to Cisco Systems.


-------------------------------------------------------------------------------------------------------------------------

Me and Iraq Resistance -- a conversation with a worm author
http://blogs.csoonline.com/1263/me_and_iraq_resistance_a_conversation_with_a_worm_author

On Sept. 9 the "Here you have" worm started spreading and many antivirus researchers immediately felt like they were getting a blast from the past. Even the worm's subject line, "Here you have," was lifted from the Anna Kournikova virus. And as with past old-school outbreaks, "Here you have's" author is happy for whatever publicity he can get to promote his criticism of the U.S. war in Iraq and a planned public burning of the Koran -- which seems to have inspired the worm in the first place. He's posted a YouTube video, and he seems happy to answer emails sent to his Yahoo address.

Here's what he's told me over the past few weeks. Most of these e-mails were sent just after the worm was released.


---------------------------------------------------------------------------------------------------------------------------

SecureWorks: Win32/Visal.B Email Worm Post-Mortem Analysis
http://www.secureworks.com/research/threats/visal-b/

SecureWorks: Here You Have Worm and E-Jihad Connection
http://www.secureworks.com/research/blog/index.php/2010/09/13/here-you-have-worm-and-e-jihad-connection/
