Hacker Claims Responsibility For Massive Worm Attack

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved,

In a YouTube video, a hacker has claimed responsibility for the ‘Here you have’ worm last week and defended his or her actions

A person claiming to be the hacker behind the “Here you have” worm posted a YouTube video on 12 September defending his or her actions.

In the YouTube video, a hacker by the nickname Iraq Resistance, spoke with a computer-altered voice in a video published by “iqziad” and claimed responsibility for the worm. In an email exchange with eWEEK, the hacker confirmed posting the video and defended his actions.

“I am not [a] terrorist and not [a] bad person… yes I created the virus and the responsibility [is] on Mr. Terry Jones not on me,” the hacker wrote in the email, referring to the Florida pastor who made headlines after pledging to burn copies of the Quran on 12 September.

Jones eventually called the event off.

Spam surge

A member of the cyber-jihadist group known as the Brigades of Tariq ibn Ziyad, Iraq Resistance has also been linked to a similar malware attack in August. Tariq ibn Ziyad was an eighth century Berber military commander who led the conquest of Visigothic Hispania, according to the Encyclopedia Britannica.

In the YouTube video, the hacker stated the United States does not “have the right to invade our people and steal the oil under the name of nuclear weapons” and objected to being called a terrorist.

“I can smash all of those infected, but I wouldn’t… I hope all people understand that I’m not [a] negative person,” the voice said.

In an analysis of the worm, SecureWorks director of malware research Joe Stewart found the binary contains the term “iraq_resistance”. In addition, the emails spammed out in the August attack had Iraq Resistance in the From field as well as the subject line, “Here you have”.

At one point, the spam associated with the attack on 9 September accounted for 10 percent of all the email traffic on the web, according to statistics from Cisco.

“According to the video, this worm has been created targeting mainly… the United States, and it justifies it [with] two reasons: to commemorate the 11 September attacks and to demand respect [for] Islam, referring to the Terry Jones incident last week, when he wanted to burn a Quran in public,” blogged Luis Corrons, technical director of Panda Security’s PandaLabs.

According to reports, the worm hit many organisations hard, including high-profile organisations such as NASA, Walt Disney and the Florida Department of Transportation.