The ‘Here You Have’ virus—which kept IT departments busy in early September 2010—has all the makings of a good Jack Ryan outing. Major corporate and government disruption? Check. (Entities from Disney to NASA were affected.) A hacker claiming credit on YouTube, citing anger over U.S. foreign policy in the Middle East? Check. A variant promising free sex tapes? Check.

Although ‘Here You Have’ first appeared in August 2010, it didn’t become widespread until Sept. 9, when it began affecting major corporations including Procter & Gamble, Comcast, AIG, and Wells Fargo. The Trojan malware spread through an email with the subject line “Here You Have” and the message “Hello: This is The Document I told you about, you can find it here.”

The message included a link—not to a PDF document, of course, but to an executable with the extension .scr. This executable burrowed itself in the computer’s Windows directory as CSRSS.EXE, sending the “Here You Have” message to everyone in the user’s address book.

One variant had the subject line “Just for you” and the message “This is The Free Dowload Sex Movies,you can find it Here.” (Evidently those tempted by free adult content aren’t much on spelling or grammar.) The virus also attempted to delete a computer’s security software.

‘Here You Have’ virus comes to a quick halt

Security patches quickly stopped the virus in its tracks, though at its peak, the ‘Here You Have’ virus accounted for 14 percent of the world’s spam traffic. The Sunday after the virus became widespread, a Libyan hacker going by Iraq_resistance posted a YouTube video explaining his motivations for the cyberattack—namely, the U.S. invasion of Iraq.

Doesn’t this sound ripped from the pages of a spy thriller? All this malware saga needs is a chiseled action hero.

Posted by Kate Johanns

Kate Johanns is a communications professional and freelance writer with more than 13 years of experience in publishing and marketing.
