Friday, June 18, 2021

India/Pakistan Virus Writers Take War Online

What started out as a war of words between two rival hacker groups has escalated into the

release of a worm.

Yaha-Q, a variant on the Yaha virus which was detected in June of 2002, was recently

launched into the wild as the latest chapter in a battle between a group of Indian hackers

and a rival group in Pakistan.

Several antivirus companies have classified the variant as a low-grade threat. But at least

one virus tracker says he worries that releasing a virus as part of a turf war could set a

bad precedent for future feuds, especially in times of political and military upheaval.

”The Indian Snakes gang claims that this is not a political spat, rather a battle to

establish cybercrime supremacy,” says Chris Wraight, a technology consultant at Sophos,

Inc., an antivirus company based in Lynnfield, Mass. ”It’s a shame that this dispute

between rival cyber criminals is being fought on the PCs of innocent computer users…

Usually groups like these might bicker in chat rooms or try to bring down each other’s Web

sites. If this was a quickly propagating virus, everyone could be brought into the fray.

”Based on world events, there’s the possibility that we’ll see more of this,” adds

Wraight.

The Indian Snakes released the Yaha-Q variant in retaliation against a group of Pakistani

hackers who had defaced Web sites based in India. The worm is designed to launch a

denial-of-service attack against five Pakistani Web sites. It also carries a number of

payloads, as well as messages to the Pakistani hackers, a U.S.-based virus expert, and to a

virus writer who had disparaged the group.

The Yaha-Q payloads include the ability to shut down about 20 different applications,

including personal firewalls and antivirus software, according to Tony Magallanez, a system

engineer with Finland-based F-Secure Corp. It propogates itself through email, picking up

addresses from the infected systems’ Outlook address book.

Sophos’ Wraight says on Wednesdays the worm triggers a denial-of-service attack from each

infected system. But Magallanez says the denial-of-service attacks haven’t been causing much

damage and the worm has been slow to spread.

Similar articles

Latest Articles

Top Data Visualization Tools...

The amount of data generated and consumed by organizations is growing at an astounding rate. The total volume of data and information worldwide has...

The Data Capture Market

Data capture is the process of collecting, ingesting, or otherwise acquiring structured and unstructured data and either converting it into a data format usable...

NVIDIA and the Move...

NVIDIA recently held a Q&A with its visionary CEO Jensen Huang.   While the Q&A this week focused on NVIDIA’s announcements at Computex, his opening and...

Acquia Updates Open Digital...

BOSTON – Acquia’s Drupal-based customer experience (CX) platform is looking different to enterprise users. Acquia made updates last quarter across its three-part Open Digital Experience...