Download our in-depth report: The Ultimate Guide to IT Security VendorsWhat started out as a war of words between two rival hacker groups has escalated into therelease of a worm.
Yaha-Q, a variant on the Yaha virus which was detected in June of 2002, was recentlylaunched into the wild as the latest chapter in a battle between a group of Indian hackersand a rival group in Pakistan.
Several antivirus companies have classified the variant as a low-grade threat. But at leastone virus tracker says he worries that releasing a virus as part of a turf war could set abad precedent for future feuds, especially in times of political and military upheaval.
''The Indian Snakes gang claims that this is not a political spat, rather a battle toestablish cybercrime supremacy,'' says Chris Wraight, a technology consultant at Sophos,Inc., an antivirus company based in Lynnfield, Mass. ''It's a shame that this disputebetween rival cyber criminals is being fought on the PCs of innocent computer users...Usually groups like these might bicker in chat rooms or try to bring down each other's Websites. If this was a quickly propagating virus, everyone could be brought into the fray.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i ''Based on world events, there's the possibility that we'll see more of this,'' addsWraight.
The Indian Snakes released the Yaha-Q variant in retaliation against a group of Pakistanihackers who had defaced Web sites based in India. The worm is designed to launch adenial-of-service attack against five Pakistani Web sites. It also carries a number ofpayloads, as well as messages to the Pakistani hackers, a U.S.-based virus expert, and to avirus writer who had disparaged the group.
The Yaha-Q payloads include the ability to shut down about 20 different applications,including personal firewalls and antivirus software, according to Tony Magallanez, a systemengineer with Finland-based F-Secure Corp. It propogates itself through email, picking upaddresses from the infected systems' Outlook address book.
Sophos' Wraight says on Wednesdays the worm triggers a denial-of-service attack from eachinfected system. But Magallanez says the denial-of-service attacks haven't been causing muchdamage and the worm has been slow to spread.