A widespread internet worm has launched an attack on the
Pakistani government's website and is encouraging Indian hackers
and virus writers to join forces and attack Pakistan.
The W32/Yaha-E
worm highlights the current political tensions between India and
Pakistan by attempting a rudimentary denial of service attack on
the Pakistani government's website. It also creates a file on
infected computers, exhorting others to join the fight against the
Pakistanis.
The file includes the message:
iNDian sNakes pResents yAha.E
iNDian hACkers,Vxers cOme & wORk wiTh uS & fUCk tHE
GFORCE-pAK shites
bY sNAkeeYes,coBra
Browsers attempting to reach the www.pak.gov.pk website have
been unsuccessful for the last few days.
"The Yaha worm is another example of how viruses are being used
to disseminate political messages," said Graham Cluley, senior
technology consultant, Sophos Anti-Virus. "What seems like a
harmless message relating to friendship and love actually turns out
to be a call for cybercriminals to attack Pakistani targets. As
ever, up to date anti-virus protection and safe computing practice
will render this virus impotent."
Previous politically-motivated viruses include the Injustice worm (also
known as VBS/Staple-A), which disseminated pro-Palestinian messages
and spammed a number of Israeli government email addresses, and
Mawanella (also known
as VBS/VBSWG-Z) which highlighted friction between Muslims and
Buddhists in Sri Lanka.
The Yaha-E worm arrives as an email attachment and can use a
wide assortment of subject lines and filenames. Many of the subject
lines use wording related to friendship or love. Sophos made
protection against W32/Yaha-E available on 20th June 2002, and
reminds users that if they have kept their anti-virus protection
fully updated they should have nothing to fear.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.