Starting on September 9th, 2010, this worm began appearing in people's inboxes with the subject line "Here you have". The email contained a message about a document that the sender "told you about", with a link to what appeared to be a PDF file. In reality, the extension of the file was hidden, and the supposed PDF file was actually an executable with an .SCR extension. Once the file was run, it would scan the Windows address book and send itself to every address found therein.

 

The malware attempted to deactivate whatever anti-virus was running to prevent detection. As the worm spread, the flood of emails brought email systems to a crawl. Some of the organizations hardest hit were NASA, Comcast, AIG, Disney, Procter & Gamble, Florida DOT and Wells Fargo. Several of them had to shut down their email systems entirely to halt the spread.

 

Security companies swiftly updated their products to detect the worm, so the damage was short-lived. The worm appeared to be similar to the I Love You and Anna Kournikova worms that spread in 2000 and 2001.

 

The author seemed to be a known Libyan hacker, named "Iraq Resistance", who was trying to start a "cyber-jihad". His stated goal was to break into email systems at US Army agencies. The hacker began corresponding with a reporter from IDG by email, but an FBI investigation was unable to get enough information to make an identification or an arrest. The IP address used came from the UK, but that could have been a proxy or hacked computer that relayed the emails.

 

Cisco estimated that between 6 and 14 percent of all spam on the Internet was due to this worm propagating on that day.  

 
Nice article @nic thanks! I'm just wondering if reminiscing about the old days is better than dealing with all the new viruses 😉
@ wrote:

> Nice article @ thanks! I'm just wondering if reminiscing about the old days is better than dealing with all the new viruses ;-)

Yeah, sometimes it is more fun to live in the past 🙂
