Lentin worm used in Political attack

Discussion in 'malware problems & news' started by Tinribs, Aug 23, 2002.

Thread Status:
Not open for further replies.
  1. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Lentin Internet Worm Used in Politically Charged Attack
    The official Pakistan government Web site (www.pak.gov.pk) has
    apparently been subjected to a politically motivated attack launched by
    the latest version of the Lentin Internet worm.

    The virus Lentin.e contains a payload designed in part to disrupt the
    home page of the Islamic Republic of Pakistan with a rudimentary denial
    of service attack.

    Yaha causes an infected computer to make repeated connection attempts to
    the Pakistan government site. If many computers are infected by the worm
    the result can be a DoS (Denial of Service) attack.

    Lentin is a mass-mailing worm carried in an infected e-mail attachment.
    It arrives with a message containing widely varying subject lines and
    body contents. The code is designed to propagate itself to all e-mail
    addresses in the victim's Microsoft Windows Address Book, MSN Messenger
    List, Yahoo Pager list, and ICQ list. Lentin also attempts to disable
    anti-virus and firewall software.

    An interesting aspect of the attack on the Pakistan government site is
    the nature of the DoS assault itself. Unlike most DoS attacks, which are
    usually sudden bursts which overwhelm a server with requests, this
    attack, using the Lentin.e worm, was designed to slowly accumulate as
    the worm spread, eventually strangling the Pakistani government site
    once the worm gained a critical level of victim computers.

    For more details about the Lentin (a.k.a. Yaha) worm please go here:
    http://www.viruslist.com/eng/viruslist.html?id=49928
     
  2. Pakistan gets their share of hit..at this site left side you can see the ten latest sites compromized and by what group.
    http://www.pakcert.org/main.html
     
Loading...
Thread Status:
Not open for further replies.