Saturday, June 15, 2024

India/Pakistan Virus Writers Take War Online

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

What started out as a war of words between two rival hacker groups has escalated into the

release of a worm.

Yaha-Q, a variant on the Yaha virus which was detected in June of 2002, was recently

launched into the wild as the latest chapter in a battle between a group of Indian hackers

and a rival group in Pakistan.

Several antivirus companies have classified the variant as a low-grade threat. But at least

one virus tracker says he worries that releasing a virus as part of a turf war could set a

bad precedent for future feuds, especially in times of political and military upheaval.

”The Indian Snakes gang claims that this is not a political spat, rather a battle to

establish cybercrime supremacy,” says Chris Wraight, a technology consultant at Sophos,

Inc., an antivirus company based in Lynnfield, Mass. ”It’s a shame that this dispute

between rival cyber criminals is being fought on the PCs of innocent computer users…

Usually groups like these might bicker in chat rooms or try to bring down each other’s Web

sites. If this was a quickly propagating virus, everyone could be brought into the fray.

”Based on world events, there’s the possibility that we’ll see more of this,” adds


The Indian Snakes released the Yaha-Q variant in retaliation against a group of Pakistani

hackers who had defaced Web sites based in India. The worm is designed to launch a

denial-of-service attack against five Pakistani Web sites. It also carries a number of

payloads, as well as messages to the Pakistani hackers, a U.S.-based virus expert, and to a

virus writer who had disparaged the group.

The Yaha-Q payloads include the ability to shut down about 20 different applications,

including personal firewalls and antivirus software, according to Tony Magallanez, a system

engineer with Finland-based F-Secure Corp. It propogates itself through email, picking up

addresses from the infected systems’ Outlook address book.

Sophos’ Wraight says on Wednesdays the worm triggers a denial-of-service attack from each

infected system. But Magallanez says the denial-of-service attacks haven’t been causing much

damage and the worm has been slow to spread.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles