Indian sympathisers launch denial of service attack on Pakistani government

June 28, 2002 Sophos Press Release

A widespread internet worm has launched an attack on the Pakistani government's website and is encouraging Indian hackers and virus writers to join forces and attack Pakistan.

The W32/Yaha-E worm highlights the current political tensions between India and Pakistan by attempting a rudimentary denial of service attack on the Pakistani government's website. It also creates a file on infected computers, exhorting others to join the fight against the Pakistanis.

The file includes the message:

iNDian sNakes pResents yAha.E
iNDian hACkers,Vxers cOme & wORk wiTh uS & fUCk tHE GFORCE-pAK shites
bY sNAkeeYes,coBra

Browsers attempting to reach the www.pak.gov.pk website have been unsuccessful for the last few days.

"The Yaha worm is another example of how viruses are being used to disseminate political messages," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "What seems like a harmless message relating to friendship and love actually turns out to be a call for cybercriminals to attack Pakistani targets. As ever, up to date anti-virus protection and safe computing practice will render this virus impotent."

Previous politically-motivated viruses include the Injustice worm (also known as VBS/Staple-A), which disseminated pro-Palestinian messages and spammed a number of Israeli government email addresses, and Mawanella (also known as VBS/VBSWG-Z) which highlighted friction between Muslims and Buddhists in Sri Lanka.

The Yaha-E worm arrives as an email attachment and can use a wide assortment of subject lines and filenames. Many of the subject lines use wording related to friendship or love. Sophos made protection against W32/Yaha-E available on 20th June 2002, and reminds users that if they have kept their anti-virus protection fully updated they should have nothing to fear.