Hacker Posts Video Claiming 'Here You Have' Worm
"Iraq resistance" posts video in which he takes credit for rampant e-mail virus.
Sept. 13, 2010— -- A hacker nicknamed "Iraq resistance" appears to have posted a YouTube video Sunday in which he takes credit for the widespread e-mail virus that swept through corporate e-mail systems last week.
The video, which displays only a map of Spain's Andalusia region and the name of the virus, "Here You Have," identifies "Iraq resistance" as the leader of the Tarek Bia Ziad Group.
"Listen to me about the reasons behind the 9 September virus that affected NASA, Coca-Cola, Google and most American [companies]," the hacker says in a computerized voice. "What I wanted to say is that U.S. doesn't have the right to invade our people and steal oil under the name of nuclear weapons."
The hacker goes on to chastise Americans for being unfair in calling him (or her) a terrorist but not applying the same label to Terry Jones, the Florida pastor who called for people around the world to burn copies of the Koran on Sept. 11.
In the video, "Iraq resistance" also says that the virus wasn't as harmful as it could have been.
"I don't like smashing and ... there were no computers smashed, as you know from the analysis report, I could smash all those infected, but I wouldn't. And don't use the word 'terrorist' please. I hope all people understand that I am not negative person," he says.
Even though the YouTube account used to post the video, "iqziad," is listed as originating from Spain, Atlanta-based security firm SecureWorks said it suspected that "Iraq resistance" is a Libyan hacker who has tried, since 2008, to unite other like-minded hackers in a cyberjihad.
SecureWorks said the worm first appeared in August, although that attack was much smaller in scale.
The company said both the August worm and the worm that hit corporate e-mail services last week referred to "Iraq resistance." SecureWorks said that according to a 2008 posting from the hacker, the hacker's goal is "to penetrate U.S. agencies belonging to the U.S. Army."
Joe Stewart, director of malware research at SecureWorks, said the hacker is part of a group called Brigades of Tariq ibn Ziyad. According to messages posted on an Internet forum (the messages been removed but are still cached in Google), the group said it had succeeded in hacking into military computers in the U.S., Germany and Iraq in 2009.
While the size of the group is unknown, Stewart said that posts reveal at least one other member in Egypt.
"So they were having apparently a campaign for a while to do more targeted attacks against U.S. military computers," he said. "It looks like from the text of the postings that we found that they actually were successful in not only hacking into some computers -- it looks like it was personal computers, probably of individual soldiers, not military networks. It looks like they actually did do some damage there. They said that they had managed to destroy a number of computers and obviously they can't destroy the hardware so we're assuming that they managed to trash the hard drive."
While this recent worm was not especially malicious, he said, it had been a while since a worm had been so widespread.