Self-proclaimed hacker cites Iraq loyalties as reason for releasing virus

Video claiming credit, explaining motive, appeared on YouTube

In a video posted to YouTube on Sunday, a hacker by the name of "Iraq resistence" has taken credit for the "Here You Have" e-mail virus and has stated the worm has "… affected NASA, Coca-Cola, Google and most American [companies]." 

The video, posted with a computerized female voice, cites America's foreign policy, specifically with regards to Iraq, for the reason behind the individual unleashing the malware into the public. The anonymous person also went on to criticize the U.S. media for calling the hacker in question a terrorist and not giving Terry Jones, the Florida preacher who had planned to host a Koran burning on the anniversary of 9/11, the same label.  

Written in Visual Basic and time stamped 9/3/2010, the malware sends out e-mails that provides a link to a supposed PDF file or video. The link then redirects users to an executable file that installs the virus and an autorun.inf file to local drives. Once installed, it attempts to disable any antivirus software and then sends e-mails to a link to the virus to all contacts in a user's Outlook address book.

According to a Microsoft Malware Protection Center (MMPC) blog posting, the worm has spread through many U.S. enterprises through their Outlook system.

"As more machines on a corporate network are infected, more and more e-mail is sent around on the local network, which can cause mail server performance degradation. The threat also sends back information about the compromised system, specifically IP addresses and system information via a built-in SMTP/ESMTP (mail-transfer) engine," Microsoft commented in the MMPC blog entry.

As of Friday, the link that leads to the malware has been deactivated. However, Microsoft warns the threat of corporate inboxes being filled by e-mails coming from corrupted computers is still taking place. They also point out that the majority of personal computer users have not been hit by the worm, with 98 percent of reported affected systems coming from "business environments."

The "Here you have" virus is very reminiscent of earlier malware sent through e-mail that was largely predominant 10 years ago, like the "iloveyou" worm. However, unlike the 2000 virus that automatically installed on a user's computer when the e-mail was simply opened, the "Here you have" worm was accessed only by clicking on the link provided in the e-mail body.

About the Author

Chris Paoli is the associate Web editor for 1105 Enterprise Computing Group's Web sites, including,, and


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected