A hacker has stepped forward to take credit for the “Here you have” worm that crippled thousands of corporate networks last week. The hacker, who has so far refused to reveal his or her identity, said the worm was meant as a propaganda tool to bring attention to their anti-American sentiments toward the war in Iraq. Like the authors of past worms, the hacker, who calls themselves Iraq Resistance, claimed they didn’t realize and never intended for the worm to spread as quickly as it did. He or she was also quick to defend themselves, saying they weren’t a negative person and claiming they could have caused a lot more damage if they wanted to, but had chosen not to.
Security experts say the worm, which briefly accounted for 14% of the world’s spam volume, contained several malicious components including a backdoor Trojan and a keylogger. It was also programmed to shut down and delete any anti-virus services it found. Fortunately for the victims, the worm was quickly shut down due to its unsophisticated structure. It struck many large U.S. companies including Proctor & Gamble, Disney, and Wells Fargo. It also hit NASA. At one point the deluge was so bad it forced cable and broadband provider Comcast to completely shut down their email servers.
It’s not clear why the emails duped so many into clicking on the attachment they contained. The fact that the worm invaded the address book of anyone infected and sent itself out to everyone on it may have been a factor. People, even those who know better than to click on links or open attachments from strangers, are much more likely to drop their guard and open attachments that come from friends, no matter how odd or suspicious they may look.