Lebreat “Breatle AntiVirus” Actually Double-Edged Worm for Windows


A new worm has hit the streets, and it’s a double-edged worm. The Lebreat worm, which is mailing itself around under the name “Breatle AntiVirus”, is both a network worm and a mass-email worm. It’s two, two, two worms in one.

According to security firm F-Secure, once Lebreat (or “Breatle”, or even “Reatle”) is installed by an unsuspecting Windows PC user, it opens a backdoor to the system through which hackers can take control of the PC, installs mass-emailing software, launches a DoS (denial of service) attack against security company Symantec, and harvests all available email addresses on the host system and mails itself out to them. Friendly little thing, isn’t it?

According to F-Secure, “This virus claims to be ‘Breatle AntiVirus v1.0,’ and it spreads over both e-mail and network vulnerabilities.”

Lebreat takes advantage of the LSASS (Local Security Authority Subsystem Service) Windows vulnerability, the same vulnerability that the now infamous Sasser virus exploited. The Sasser virus was recently in the news again when its teenaged author confessed and was sentenced to community service. The informants in that case scored a $250,000 reward from Microsoft.

Lebreat is using a number of fake subject lines and content in the spam which contains the Lebreat payload. As always, the best way to avoid Lebreat, and all other viruses and worms, is to avoid opening email attachments unless you are very sure of both their origin and their content.


And, of course, keep that anti-virus software up-to-date.


3 thoughts on “Lebreat “Breatle AntiVirus” Actually Double-Edged Worm for Windows”

  1. Yes some people are slack, some people don’t care, but a hell of a lot don’t even know it’s happening, or even possible.

    Aunty’s readers are (probably) interested in this sort of thing but there are a hell of a lot of users out there who tune out when they hear “techo talk”. My wife puts her fingers in her ears and sings “la-la-la-la-la-la” when I show her how to use the VCR. It’s not what they want to hear. So they don’t hear it. And I haven’t started on those who don’t speak English who may not get the info translated perfectly. Even when it is translated perfectly half of it is in English anyway cos that’s the language of computing technicians.

    I guess there’s no simple solution. Even with all its resources Microsoft will never “get it right” simply because they have a generalist solution and there are lots of individualists out there who want to prove they know more than the “big boys”.

  2. So much programming talent being wasted on criminal activities. With the majority of hatred focused on M$, I have a feeling security will never be right with “Windows”. People are lazy, or just don’t care about security with their PCs. So this is always going to be an issue in computing. “The worst offenders always hide in the least likely of places.”

  3. LSASS Vulnerability. Hmmm… How long has the patch from Microsoft been out for this one? And if you are running some sort of half-way competent firewall to protect Microsoft Networking ports from being available over the internet even if you haven’t patched? Kind of is set up to take advantage of a really old network vulnerability. If’n you’d patched, you wouldn’t have got it this way.

    The email side of things of course is the usual, either block executable attachments at the mail server, or hope and pray your Antivirus is really good and has been Just-In-Time updated before you happen to receive one of these turkeys.

    Ain’t network administration fun?
