Lebreat “Breatle AntiVirus” Actually Double-Edged Worm for Windows

7/17/2005


A new worm has hit the streets, and it’s a double-edged worm. The Lebreat worm, which is mailing itself around under the name “Breatle AntiVirus”, is both a network worm and a mass-email worm. It’s two, two, two worms in one.

According to security firm F-Secure, once Lebreat (or “Breatle”, or even “Reatle”) is installed by an unsuspecting Windows PC user, it opens a backdoor to the system through which hackers can take control of the PC, installs mass-emailing software, launches a DoS (denial of service) attack against security company Symantec, and harvests all available email addresses on the host system and mails itself out to them. Friendly little thing, isn’t it?

According to F-Secure, “This virus claims to be ‘Breatle AntiVirus v1.0,’ and it spreads over both e-mail and network vulnerabilities.”

Lebreat takes advantage of the LSASS (Local Security Authority Subsystem Service) Windows vulnerability, the same vulnerability that the now-infamous Sasser virus exploited. The Sasser virus was recently in the news again when its teenaged author confessed and was sentenced to community service. The informants in that case scored a $250,000 reward from Microsoft.

Lebreat uses a number of fake subject lines and content in the spam that carries the Lebreat payload. As always, the best way to avoid Lebreat, and all other viruses and worms, is to avoid opening email attachments unless you are very sure of both their origin and their content.

And, of course, keep that anti-virus software up-to-date.


3 Comments »

  1. LSASS Vulnerability. Hmmm… How long has the patch from Microsoft been out for this one? And if you are running some sort of half-way competent firewall to protect Microsoft Networking ports from being available over the internet even if you haven’t patched? Kind of is set up to take advantage of a really old network vulnerability. If’n you’d patched, you wouldn’t have got it this way.

    The email side of things of course is the usual, either block executable attachments at the mail server, or hope and pray your Antivirus is really good and has been Just-In-Time updated before you happen to receive one of these turkeys.

    Ain’t network administration fun?

    Comment by martinelli — 7/19/2005 @ 9:30 pm

  2. So much programming talent being wasted on criminal activities. With the majority of hatred focused on M$, I have a feeling security will never be right with “Windows”. People are lazy, or just don’t care about security with their PCs. So this is always going to be an issue in computing. “The worst offenders always hide in the least likely of places.”

    Comment by / — 7/23/2005 @ 10:54 am

  3. Yes some people are slack, some people don’t care, but a hell of a lot don’t even know it’s happening, or even possible.

    Aunty’s readers are (probably) interested in this sort of thing but there are a hell of a lot of users out there who tune out when they hear “techo talk”. My wife puts her fingers in her ears and sings “la-la-la-la-la-la” when I show her how to use the VCR. It’s not what they want to hear. So they don’t hear it. And I haven’t started on those who don’t speak English who may not get the info translated perfectly. Even when it is translated perfectly half of it is in English anyway cos that’s the language of computing technicians.

    I guess there’s no simple solution. Even with all its resources Microsoft will never “get it right” simply because they have a generalist solution and there are lots of individualists out there who want to prove they know more than the “big boys”.

    Comment by Richard — 8/1/2005 @ 4:03 pm

The Internet Patrol
Patrolling the Internet for You!