A global e-mail virus spammed inboxes Thursday afternoon, slowing -- and in some cases halting -- work at offices around the world as employees watched their inboxes inexplicably fill with e-mails under the subject line "Here you have." Some workers were forced to go without e-mail altogether, as the flood of spam put their services out of commission.
Organizations including NASA, Comcast, AIG, Disney, Proctor & Gamble, Florida Department of Transportation and Wells Fargo are just a few of the organizations apparently affected by the worm, which appears to have sent out hundreds of thousands, if not millions of e-mails.
On Friday, the Atlanta-based security firm SecureWorks said it found a possible link between the worm attack and a cyber-jihad organization called "Brigades of Tariq ibn Ziyad".
It said the worm was first seen in August, although the attack was much smaller in scale.
The company said both the August worm and the one that hit corporate e-mail services Thursday referenced a known Libyan hacker who has tried to unite other like-minded hackers in a cyber-jihad.
SecureWorks said that according to a 2008 posting from the hacker, his goal is "to penetrate U.S. agencies belonging to the U.S. Army."
When contacted by ABCNews.com, Dmitri Alperovitch, vice president of threat research at McAfee, told ABCNews.com that the company was investigating the attack. Although McAfee did not disclose how widespread the attack was, around 4 p.m. Thursday afternoon, the subject of the spam e-mail, "Here you have," was the second hottest search on Google trends.
A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.
The email arrives with the subject “Here you have.” An executable screensaver that's disguised as a PDF document then tries to send the same message to everyone listed in the recipient's address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.
In addition to spreading through email, it can propagate through mapped drives, autorun and instant messenger. It also has the ability to disable various security programs.
The worm is a throwback to attacks not seen in almost a decade, when the Anna Kournikova and I Love You attacks wreaked havoc on email systems worldwide. The Here You Go worm appears to different in that the malicious payload is downloaded from a page on members.multimania.com, rather than being attached to the email. That could make efforts to eradicate the worm easier.
Then again, McAfee said multiple variants of the worm appear to be spreading, so it's not yet clear that the malicious screensaver is hosted by a single source.
By Dan Goodin in San Francisco
