Hackers claiming to be from India have launched their latest strike in a cyber-spat with Pakistan by unleashing a new variant of the “Yaha” Internet e-mail worm, anti-virus firm Sophos Inc. said on Wednesday. The worm, written by a group calling itself the Indian Snakes, does not appear to be spreading or causing any damage, said Chris Wraight, a technical consultant at U.K.-based Sophos. The Yaha-Q worm, the latest in a string of Yaha worms released by hackers from both countries since December, leaves a back-door on an infected machine and sends itself to people listed in the e-mail address book, Wraight said. It also tries to disable anti-virus software and commands the computer to launch a denial-of-service attack on five Pakistani Web sites, he said. Such an attack is designed to shut down a Web site by sending so many repeat requests to the Web server that it becomes overloaded. The Pakistan Web sites it tries to attack are those of the main government Web site, the government’s Computer Bureau, a community “portal” site, Internet service provider Comsats and the Karachi Stock Exchange, according to Sophos. Yaha-Q arrives in an e-mail attachment but also can spread via shared network drives, such as at corporations. It tries to sneak past firewalls and other security software to get onto Web servers directly, Wraight said. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.