Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers


Yaha Worm Takes Out Pakistan Government's Site

The official Web site of the government of Pakistan is apparently the

victim of a politically motivated attack launched by the latest version of

an Internet worm.

Virus experts said the Yaha.E worm, first identified on June 15, contains a

payload designed in part to disrupt the home page of the Islamic Republic

of Pakistan with a rudimentary denial of service attack.

Attempts to reach the site, located at, were unsuccessful


According to an analysis of

Yaha.E by F-Secure Corporation, Yaha causes an infected computer to make

repeated connection attempts to the Pakistan government site. "If the worm

is widespread, this can cause a DoS (Denial of Service) attack on that

webserver," said the analysis.

The last high-profile worm to include a denial-of-service component was

Code Red, which was designed to flood the White House site using infected

Web servers running Microsoft's IIS software.

The MessageLabs virus information service currently rates Yaha.E the second

most prevalent virus after Klez.H. The managed e-mail security service said

it has blocked over 7,000 Yaha.E infections in the past 24 hours.

Yaha is a mass-mailing worm carried in an infected e-mail attachment. It

arrives with a message containing widely varying subject lines and body

contents. The code is designed to propagate itself to all e-mail addresses

in the victim's Microsoft Windows Address Book, MSN Messenger List, Yahoo

Pager list, and ICQ list. According to an analysis by Trend Micro, Yaha.E contains code that

attempts to terminate anti-virus and firewall software.

Roger Thompson, malicious code expert for ICSA Labs, said the worm creates

a text file on the victim's computer that says Yaha.E was the work of

"sNAkeeYes,c0Bra." The file exhorts Indian hackers and virus writers to

"c0me & w0Rk wITh uS" against "tHE GFORCE-pAK shites" -- a reference to the

Pakistani hacker group G-Force Pakistan.

Thompson said the worm's denial of service attack "is more like a boa

constrictor than a cobra strike" because it slowly overwhelms the target

site as more systems become infected with the worm.

As such, Yaha differs from most denial of service attacks, which are

suddenly launched by an attacker. "Someone has a bunch of zombies and

presses the 'Go' button," said Thompson.

Officials at Comsats Internet Services, which hosts the Pakistan government

site, were not immediately available for comment. By Brian McWilliams

blog comments powered by Disqus