JUNE 27, 2002

SECURITY FOCUS

Yaha Worm Takes Out Pakistan Government's Site
Virus uses victim computers as denial-of-service agents, and tries to recruit Indian hackers into a cross-border cyber war


The official Web site of the government of Pakistan is apparently the victim of a politically motivated attack launched by the latest version of an Internet worm.


Virus experts said the Yaha.E worm, first identified on June 15, contains a payload designed in part to disrupt the home page of the Islamic Republic of Pakistan with a rudimentary denial of service attack.

Attempts to reach the site, located at www.pak.gov.pk, were unsuccessful Wednesday.

According to an analysis of Yaha.E by F-Secure Corporation, Yaha causes an infected computer to make repeated connection attempts to the Pakistan government site. "If the worm is widespread, this can cause a DoS (Denial of Service) attack on that webserver," said the analysis.

The last high-profile worm to include a denial-of-service component was Code Red, which was designed to flood the White House site using infected Web servers running Microsoft's IIS software.

The MessageLabs virus information service currently rates Yaha.E the second most prevalent virus after Klez.H. The managed e-mail security service said it has blocked over 7,000 Yaha.E infections in the past 24 hours.

Yaha is a mass-mailing worm carried in an infected e-mail attachment. It arrives with a message containing widely varying subject lines and body contents. The code is designed to propagate itself to all e-mail addresses in the victim's Microsoft Windows Address Book, MSN Messenger List, Yahoo Pager list, and ICQ list. According to an analysis by Trend Micro, Yaha.E contains code that attempts to terminate anti-virus and firewall software.

Roger Thompson, malicious code expert for ICSA Labs, said the worm creates a text file on the victim's computer that says Yaha.E was the work of "sNAkeeYes,c0Bra." The file exhorts Indian hackers and virus writers to "c0me & w0Rk wITh uS" against "tHE GFORCE-pAK shites" -- a reference to the Pakistani hacker group G-Force Pakistan.

Thompson said the worm's denial of service attack "is more like a boa constrictor than a cobra strike" because it slowly overwhelms the target site as more systems become infected with the worm.

As such, Yaha differs from most denial of service attacks, which are suddenly launched by an attacker. "Someone has a bunch of zombies and presses the 'Go' button," said Thompson.

Officials at Comsats Internet Services, which hosts the Pakistan government site, were not immediately available for comment.



By Brian McWilliams

McGraw-Hill Cos.