Thursday, September 08, 2005

Irhabi 007 Strikes Again

It was bound to happen.

With all of the renewed attention Irhabi 007 has received in the media, it wasn’t surprising that his website was quietly attempting to push down an Islamist Trojan.

Irhabi 007, or Terrorist 007, is better known for the hacking and cracking tips he posts on Jihadi boards, and for appropriating server space from unsuspecting companies and governmental agencies in an attempt to spread Islamist propaganda.

But over the last year, with very little attention, his various Al Qaeda propaganda websites have quietly pushed down a variety of keystroke loggers, viruses, and Trojans onto unsuspecting visitors.

Until now, his malware has been restricted to those commonly found on the internet. Prior to yesterday, we had not detected any attempts to push down Islamist Trojans or viruses.

That changed yesterday with the release of his newest creation.

Apparently Irhabi 007 has appointed himself the guardian of the morals of the internet. That’s no small task, needless to say, considering the popularity of porn sites.

But the new Trojan that is being pushed from his site takes control of that.

Once the Trojan has infected a computer, it begins searching the title bar of a browser window for specific words that indicate that the user might be on a porn site. Among the words it flags are: “sex”, “teen”, “xxx”, slang for body parts, and slang for various sexual acts. (The Trojan flags the equivalent words in Arabic as well.)

When it finds these words, it minimizes the window so users cannot view the content. It pops up a box containing quotes from the Qu’ran in both English and in Arabic, as shown in the attached image.

The quote in English includes the following translated quote from an English-language interpretation of the Qu’ran by Yusuf Ali:

Yusufali: Know, therefore, that there is no god but Allah, and ask forgiveness for thy fault, and for the men and women who believe: for Allah knows how ye move about and how ye dwell in your homes.

The Trojan locks down the user’s computer, and forces them to either reboot or shut down.

At this point, initial analysis indicates that the Trojan does not have any payload other than restricting those websites that a user may attempt to view.

The emergence of this Trojan on Irhabi 007’s site is not terribly surprising. Over recent months, Irhabi 007 has been showing an increased interest in creating viruses, Trojans, and spyware, and has actually posted instructions on how to create a simple keystroke logging Trojan.



Laura: I believe that Irhabi 007 is none other than Taher Elgamal, former Netscape Chief Scientist and the developer of the SSL internet encryption standard. Elgamal is an Egyptian and disgruntled Bush supporter who is vehemently opposed to the Iraq war. His former company, Securify, has many projects with the federal government and access to federal systems and related security policy, making it easy to evade detection. If you have any contacts at the FBI or Homeland Security, they should interview him ASAP. I hope I'm wrong, but there are very few people with his skill level and his politics with so much access.

