Log in ...Tribune: IT supplement of The Tribune, Chandigarh, India. Feature page

Monday, March 24, 2003		Feature

LoC, cricket pitch and cyberspace — Indo-Pak
rivalry is everywhere

HACKERS claiming to be from India have launched their latest strike in a cyber-spat with Pakistan by unleashing a new variant of Yaha Internet e-mail worm, anti-virus firm Sophos Inc. said.

The worm, written by a group calling itself the Indian Snakes, does not appear to be spreading or causing any damage, said Chris Wraight, a technical consultant at UK-based Sophos.

The Yaha-Q worm, the latest in a string of Yaha worms released by hackers from both countries since December, leaves a back-door on an infected machine and sends itself to people listed in the e-mail address book, Wraight said.

It also tries to disable anti-virus software and commands the computer to launch a denial-of-service attack on five Pakistani Web sites, he said. Such an attack is designed to shut down a Website by sending so many repeat requests to the Web server that it becomes overloaded.

The Pakistan Websites it tries to attack are those of the government, the government’s Computer Bureau, a community "portal" site, Internet service provider Comsats and the Karachi Stock Exchange, according to Sophos.

Yaha-Q arrives as an e-mail attachment but also can spread via shared network drives. It tries to sneak past firewalls and other security software to get onto Web servers directly, Wraight said.

In addition to storing taunting messages against Pakistan on the computer, it sends messages to Roger Thompson, technical director of malicious code research at TruSecure Corp. in Herndon, Virginia, and to a female virus writer known as "Gigabyte," Sophos said.

Gigabyte wrote a virus in January to counter an earlier version of Yaha that was designed to attack her Website.

"I do not plan on writing a new ‘counter attack’ or getting further involved with these people in any way," she wrote in e-mail.

Thompson said he has commented in the past that previous versions of Yaha were politically motivated.

The worm is not spreading because it is being blocked by anti-virus and other security software and everyone is becoming more suspicious of e-mail and not clicking on mysterious attachments, Wraight said.