Hacker Posts Video Claiming 'Here You Have' Worm


Name of Virus, 'Here You Have' Was Hot Google Trend

The massive "Here You Have" e-mail virus spammed inboxes Thursday afternoon, slowing -- and in some cases halting -- work at offices around the world as employees watched their inboxes inexplicably fill with e-mails. Some workers were forced to go without e-mail altogether, as the flood of spam put their services out of commission.

Organizations and companies affected by the worm, which appears to have triggered hundreds of thousands if not millions of e-mails, included NASA, Comcast, AIG, Disney, Procter & Gamble, the Florida Department of Transportation and Wells Fargo.

The spam flood was so widespread that around 4 p.m. Thursday the subject of the spam e-mail, "Here you have," was the second-hottest search on Google Trends.

Dmitri Alperovitch, vice president of threat research at McAfee, told ABCNews.com Thursday that the company was investigating the attack.

"We do know that it's essentially an e-mail based worm that's propagating that has a link that alleges to be a pdf document that it wants the user to click on," Alperovitch said. "In reality, it's a piece of malware that's obfuscating as a pdf and it has the capabilities to spread virally once it's installed on your machine."

E-Mail Subject: 'Here You Have' 'Just For You'

Later, the company published a report about the virus on its website, calling the risk for both home and corporate e-mail "low." McAfee's report also identified the spam as a Trojan and said its origin was unknown. On its blog, McAfee said that because multiple variants of the worm were spreading, it "may take some time to work through them all to paint a clearer picture."

One version of the spam e-mail says, "Hello: This is The Document I told you about, you can find it here" and includes a link to what appears to be a pdf document.

Another version of the worm includes the subject "Just For you" and says "This is The Free Dowload Sex Movies, you can find it Here."

If a user clicked the link and downloaded the virus, it spread to contacts in that individual's e-mail account and continued to propagate. McAfee also said that the virus tried to stop and delete security services. McAfee said it had coverage for at least the main strain of the virus.

Department of Homeland Security Officials Investigate Virus

If you receive the messages, McAfee said to delete them without clicking on the link and to alert your company's IT office.

Security firm Symantec said the worm appeared to be a new malware attack but was similar to the "Anna Kournikova" virus from 2001, which also carried the subject line "Here you have" (the virus tricked users into opening an e-mail message supposedly containing a picture of tennis player Anna Kournikova).

Symantec speculated that the threat -- initially named Trojan.Horse but renamed W32.Imsolk.A@mm -- originated from a botnet and seemed to be hitting "many, many companies indiscriminately."

"Once the threat copies itself to another machine, if a user even opens the folder that contains the threat on this new machine, this will launch the threat and cause it to spread further through both e-mail and over shared drives," the company wrote in a bulletin.

Department of Homeland Security officials have looked into the origin of the virus, along with the U.S. Computer Emergency Readiness Team and the Department of Homeland Security National Cyber Security Division.
