The ersatz tarek_bin_ziad_army: Alleged Creator of “Here You Have” Virus
Since this virus/malware “here you have” has made the mainstream news feeds, I thought it an interesting experiment to see what I could see with Maltego and Google on this character. The malware evidently had a sig in it that had the email Iraq_resistance@yahoo.com in it, so plugging that into Maltego I came up with some related email addresses. Extrapolating further the searches also came up with an interesting website hit that our boy had posted to. Google however came up with more data that lead in a different direction and a new email address that eventually gave up the tarek_bin_ziad_army name/account that I think this guy was planning on using to create a Yahoo group. So far though, he has no group out there that I could find.
He did post this little missive though on another islamist site laying down the goals for his organization…
By plugging in the tarek_bin_ziad_army name as a “phrase” into Maltego I was able to come up with the email address I believe he is going to be using to start the yahoo group: firstname.lastname@example.org. This yielded some ancillary email addresses that he has chatted with on certain sites that include the email@example.com —> firstname.lastname@example.org which relates to a hacker who has been defacing pages from the arab hackers network.
In all, the guy who is alleged to have had a hand in creating the “now you have” bug has been around the islamic jihad and Arab hacking scene since around 2006-2006. At first he was asking around for coders to make malware for jihad.. Now, he has been posting less under these accounts.. In fact he really hasn’t posted all that much under it or Iraq_Resistance (his usual handle) Most of what I have found is he signs up for boards and then posts nothing. No real user data either so he is being mostly smart about it. He certainly doesn’t have the pinache of Dr.Kasber…
All in all, this guy is more an annoyance than anything else from what I am able to see. However, given time and perhaps fame from this particular bug and the news cycle’s “Electronic JIHAD!!!” he may get more traction. Lets see though if he sets up the site and if he gets some takers on that. I will continue looking into him… Lets see what he does next.