[rizzn’s note: It always seems that these Pakistani and Indian rivalry hacking/cracking/virus writing contest things they have always end up showing the ineptitude of the hax0rs involved. I don’t know why that is. All I can offer is that every person from Pakistan and India in hacking chatrooms and mailing lists is always asking me for advice on how to hack Hotmail and Yahoo Mail, which should give you some idea of the intellect at work. If it doesn’t, all I can say is it’s a hax0r thing, you wouldn’t get it.]

Politically motivated worm fails to spread

Reuters – September 23, 2003, 09:00 BST

The latest in a string of Yaha worms created by rival hackers from both India and Pakistan has been released.

Hackers claiming to be from India have launched their latest strike in a cyber-spat with Pakistan by unleashing a new variant of the “Yaha” Internet email worm, antivirus firm Sophos says.

The worm, written by a group calling itself the Indian Snakes, does not appear to be spreading or causing any damage, said Chris Wraight, a technical consultant at UK-based Sophos.

The Yaha-Q worm, the latest in a string of Yaha worms released by hackers from both countries since December, leaves a back-door on an infected machine and sends itself to people listed in the email address book, Wraight said.

It also tries to disable anti-virus software and commands the computer to launch a denial-of-service attack on five Pakistani Web sites, he said. Such an attack is designed to shut down a Web site by sending so many repeat requests to the Web server that it becomes overloaded.

The Pakistani Web sites it tries to attack are the main government Web site, the government’s Computer Bureau, a community “portal” site, Internet service provider Comsats and the Karachi Stock Exchange, according to Sophos.

Yaha-Q arrives in an email attachment but also can spread via shared network drives, such as at corporations. It tries to sneak past firewalls and other security software to get onto Web servers directly, Wraight said.

In addition to storing taunting messages against Pakistan on the computer, it sends messages to Roger Thompson, technical director of malicious code research at TruSecure in Herndon, Virginia, and to a female virus writer known as “Gigabyte,” Sophos said.

Gigabyte wrote a virus in January to counter an earlier version of Yaha that was designed to attack her Web site.

“I do not plan on writing a new ‘counter attack’ or getting further involved with these people in any way,” she wrote in an email.

Thompson said he has commented in the past that previous versions of Yaha were politically motivated.

The worm is not spreading because it is being blocked by antivirus and other security software, and because people are becoming more suspicious of email and not clicking on mysterious attachments, Wraight said.