Archive for September 14th, 2010
The ersatz tarek_bin_ziad_army: Alleged Creator of “Here You Have” Virus
Since this virus/malware “here you have” has made the mainstream news feeds, I thought it an interesting experiment to see what I could see with Maltego and Google on this character. The malware evidently had a sig in it that had the email Iraq_resistance@yahoo.com in it, so plugging that into Maltego I came up with some related email addresses. Extrapolating further, the searches also came up with an interesting website hit that our boy had posted to. Google, however, came up with more data that led in a different direction and a new email address that eventually gave up the tarek_bin_ziad_army name/account that I think this guy was planning on using to create a Yahoo group. So far though, he has no group out there that I could find.
He did post this little missive though on another islamist site laying down the goals for his organization…
By plugging in the tarek_bin_ziad_army name as a “phrase” into Maltego I was able to come up with the email address I believe he is going to be using to start the Yahoo group: tarek_bin_ziad_army@yahoo.com. This yielded some ancillary email addresses that he has chatted with on certain sites that include the thabet3000@gmail.com —> r_5@live.com which relates to a hacker who has been defacing pages from the Arab hackers network.
In all, the guy who is alleged to have had a hand in creating the “now you have” bug has been around the Islamic jihad and Arab hacking scene since around 2006-2006. At first he was asking around for coders to make malware for jihad. Now, he has been posting less under these accounts. In fact he really hasn’t posted all that much under it or Iraq_Resistance (his usual handle). Most of what I have found is he signs up for boards and then posts nothing. No real user data either, so he is being mostly smart about it. He certainly doesn’t have the panache of Dr.Kasber…
All in all, this guy is more an annoyance than anything else from what I am able to see. However, given time and perhaps fame from this particular bug and the news cycle’s “Electronic JIHAD!!!” he may get more traction. Let’s see though if he sets up the site and if he gets some takers on that. I will continue looking into him… Let’s see what he does next.
CoB
Majahden Site Admin Naif Almutairi AKA Dr.KaSBeR
The Majahden forums that include all of its various online incarnations have admin contact data of:
Dr.KAsBeR
Naif Almutairi ()
Fax:
P.O. Box 111
Gaza, GAZZ 222/222
SA
Administrative Contact:
Dr.KAsBeR
Naif Almutairi (Dr.KAsBeR@gmail.com)
+966.599060184
Fax: .599060184
P.O. Box 111
Gaza, GAZZ 222/222
SA
Technical Contact:
Dr.KAsBeR
Naif Almutairi (Dr.KAsBeR@gmail.com)
+966.599060184
Fax: .599060184
P.O. Box 111
Gaza, GAZZ 222/222
SA
The IP address of the site sits in Pennsylvania 173.212.206.171 at HOSTNOC. By using Maltego, I was able to put together a better picture of Dr. Kasber/Naif Almutairi above and with the help of Google searches have come up with more data:
Naif S ALmutairi
166a jnb albet
Riyadh
11911
SA
Phone: +966.559855166
Email Address:
dr.kasber@gmail.com
e2o@hotmail.com
naifa@hotmail.com
almutairin@gmail.com
naifalmutairi@hotmail.com
almutairi.naif@gmail.com
Naif/Kasber has been an active little hacker and coder too. Googling has produced quite a bit of hits on pages that he and a group of his merry defacers have hacked on Zone-H as well as some interesting hits on coder sites like MSN where he has worked on some programs for messenger and such.
He also has a Facebook page with 62 interesting friends!
It remains to be seen whether or not this Naif persona is just that, but, here is what I know about our boy Naif/Kasber
- He speaks and writes in English very well
- He’s a coder
- He’s a hacker/defacer working with several different “groups” of Middle Eastern hackers
- He has made some software that he has pimped in different places
- Lastly, he is, I believe, known as “Admin” at the Majahden forums.
I will keep working on aggregating more data on Naif, but this is what I have from a night’s searches… How is it then that no one has pinched him yet if any of this data is at all real?
One wonders…
CoB