[ISN] Worm linked to India-Pakistan cyber-spat

From: InfoSec News (isnat_private)
Date: Thu Mar 13 2003 - 00:53:19 PST

    http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=2372247
    
    13 Mar 2003 
    
    SAN FRANCISCO (Reuters) - Hackers claiming to be from India have 
    launched their latest strike in a cyber-spat with Pakistan by 
    unleashing a new variant of the "Yaha" Internet e-mail worm, 
    anti-virus firm Sophos says. 
    
    The worm, written by a group calling itself the Indian Snakes, does 
    not appear to be spreading or causing any damage, said Chris Wraight, 
    a technical consultant at U.K.-based Sophos. 
    
    The Yaha-Q worm, the latest in a string of Yaha worms released by 
    hackers from both countries since December, leaves a back-door on an 
    infected machine and sends itself to people listed in the e-mail 
    address book, Wraight said. 
    
    It also tries to disable anti-virus software and commands the computer 
    to launch a denial-of-service attack on five Pakistani Web sites, he 
    said. Such an attack is designed to shut down a Web site by sending so 
    many repeat requests to the Web server that it becomes overloaded. 
    
    The Pakistan Web sites it tries to attack are those of the main 
    government Web site, the government's Computer Bureau, a community 
    "portal" site, Internet service provider Comsats and the Karachi Stock 
    Exchange, according to Sophos. 
    
    Yaha-Q arrives in an e-mail attachment but also can spread via shared 
    network drives, such as at corporations. It tries to sneak past 
    firewalls and other security software to get onto Web servers 
    directly, Wraight said. 
    
    In addition to storing taunting messages against Pakistan on the 
    computer, it sends messages to Roger Thompson, technical director of 
    malicious code research at TruSecure in Herndon, Virginia, and to a 
    female virus writer known as "Gigabyte," Sophos said. 
    
    Gigabyte wrote a virus in January to counter an earlier version of 
    Yaha that was designed to attack her Web site. 
    
    "I do not plan on writing a new 'counter attack' or getting further 
    involved with these people in any way," she wrote in an e-mail. 
    
    Thompson said he has commented in the past that previous versions of 
    Yaha were politically motivated. 
    
    The worm is not spreading because it is being blocked by anti-virus 
    and other security software, and people are becoming more suspicious 
    of e-mail and not clicking on mysterious attachments, Wraight said. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


