Security: Here you Have Virus Wreaks Havoc on Inboxes Worldwide
By: Joe Eitel
    2010-09-23

    (Page 1 of 2 )

    A computer virus that quickly and efficiently wreaks havoc on the world may seem like a nightmare or a bad science fiction novel, but in early September a global e-mail virus, dubbed the “Here You Have” virus, spammed inboxes and brought work to a halt in offices around the world. This article will explain what happened, where it came from, who it affected, and how to stay safe from it.

    Countless employees watched in horror as their inboxes filled with e-mails from trusted sources, such as family members and co-workers, with each e-mail having the same identifier--the phrase "Here you have" in the subject line. Many workers had to go without e-mail, as the virus and resulting flood of spam left them out of commission.

    So how did this happen, where did it start, who was affected, and how do we protect ourselves against future attacks?

    The Source

    During the initial outbreak of the virus, officials from the Department of Homeland Security, the U.S. Computer Emergency Readiness Team, and the DHS National Cyber Security Division were scrambling to determine, through forensic analysis, how harmful the virus was and where it originated. The scariest part to some was that several federal departments and agencies experienced the virus.

    Thankfully, just one day after the virus hit U.S. companies and organizations like NASA, Comcast, AIG, Disney, Procter & Gamble, the Florida Department of Transportation, and Wells Fargo, the Atlanta-based firm SecureWorks, a leader in managed security services, security information, and event management, was able to identify a link between the virus and a cyber-jihad organization called “Brigades of Tariq ibn Ziyad.”

    According to SecureWorks, much of the worm's code is similar to malware that was released early last month, with both “worms” referencing a Libyan hacker who uses the name Iraq Resistance and has been attempting to form a hacking group called Brigades of Tariq ibn Ziyad. Joe Stewart, director of malware research with SecureWorks, is still unsure if this is the person/group responsible for the act. "Either this person is involved with this virus or somebody wants to make it seem like this person's group is involved in this virus," Stewart said. "There are a lot of pointers to that group."

    According to a Google translation of Iraq Resistance’s post announcing the group, the goal of Tariq ibn Ziyad is “to penetrate U.S. agencies belonging to the U.S. Army.” It’s still not clear why the earlier version of the worm, released a month prior, did not spread as quickly or widely. As a matter of fact, Symantec rated it a “low” risk. According to Stewart, the most likely theory is that more people were initially spammed this time around. Also, the latest version of “Here You Have” may have included new components, causing it to spread more efficiently.

    According to Computerworld, the August worm used the e-mail address Iraq_resistance@yahoo.com, and the words “Iraq Resistance” appeared in the binary code of the latest version of the virus. Not only that, but a feature of the worm that its creators put in place so they could remotely log into an infected system attempts to connect to a computer using the Tariq ibn Ziyad name. Finally, here’s the last bit of evidence pointing to Iraq Resistance: other facets of the worm, including the e-mail sending software and password stealer, were written in Arabic.

    Symantec said the worm is similar to the equally bizarre “Anna Kournikova” virus from 2001, which perhaps not-so-coincidentally also carried the subject line of “Here You Have.” The 2001 virus tricked users into opening an e-mail message that they were led to believe contained an alluring photo of tennis beauty Anna Kournikova.

    “Here You Have ….” What?

    Different terminology has been thrown around in reference to the attack, which was responsible for hundreds of thousands, if not millions, of e-mails. So, was it a virus, malware, a worm, or all of the above? Technically, it was a worm. “Worm” is geek speak for a computer worm, which is a self-replicating malware program. Essentially, a worm uses a computer network to send copies of itself to other computers on the network, doing so without any kind of user intervention.

    Obviously, organizations like NASA have advanced technology in their offices, but programmers who write worms such as “Here You Have” seek out security shortcomings on target computers. Unlike viruses, worms do not need to attach themselves to existing programs. Usually, worms don’t really harm the network, except for consuming bandwidth. Viruses, on the other hand, almost always corrupt or modify files on targeted computers. As we’ll soon find out, some are of the opinion that “Here You Have” was, indeed, a virus.

    Dmitri Alperovitch, vice president of threat research at McAfee, told ABCNews.com that the company was investigating the attack. "We do know that it's essentially an e-mail based worm that's propagating that has a link that alleges to be a PDF document that it wants the user to click on," Alperovitch said. "In reality, it's a piece of malware that's obfuscating as a PDF and it has the capabilities to spread virally once it's installed on the machine."

    The day after the worm wreaked havoc on computers around the country, McAfee released a report about the virus, saying that the risk for both home and corporate e-mail was low. Essentially, all the worm did was spam a massive number of people, but it made many realize just how quickly a serious virus could spread, possibly debilitating computer networks all over the country.
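    An added example, not part of the original article: a mail-triage check for the two traits described above, the "Here you have" subject line and a link whose label promises a PDF while its target is something else. The sample message, its hosts, addresses and file names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message):
    """Flag the subject line and any link that claims to be a PDF but is not."""
    msg = message_from_string(raw_message, policy=default)
    subject = (msg["Subject"] or "").strip().lower()
    body = msg.get_body(preferencelist=("html",))
    collector = AnchorCollector()
    if body is not None:
        collector.feed(body.get_content())
    disguised = [
        (text, href) for href, text in collector.links
        if ".pdf" in text.lower()  # the label promises a PDF
        and not urlparse(href).path.lower().endswith(".pdf")  # the target is not one
    ]
    return {"subject_match": subject == "here you have", "disguised_links": disguised}

# Constructed sample message (hosts, addresses and file names are made up).
SAMPLE = """\
From: colleague@example.com
To: user@example.com
Subject: Here you have
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>This is the document I told you about:</p>
<a href="http://files.example.net/docs/report_2010_pdf.exe">http://www.example.org/library/report_2010.pdf</a>
<a href="http://www.example.org/agenda.pdf">agenda.pdf</a>
</body></html>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```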

    © 2003-2014 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap