
July 15, 2005 1:06 PM PDT

Worm spells double trouble for PCs

A double-edged threat that attempts to hijack PCs has surfaced in at least three variants, security companies warned on Friday.

The new pest, Lebreat, is a combined network worm and mass-mailing worm, F-Secure said. Once run on a PC, it installs a backdoor for hackers, downloads the mass-mailer code and attempts to launch a denial-of-service attack that targets security giant Symantec's Web site, the Finnish antivirus specialist said. The malicious code is also known as Breatle and Reatle at other antivirus companies.

"This virus claims to be 'Breatle AntiVirus v1.0,' and it spreads over both e-mail and network vulnerabilities," F-Secure said.

The network-worm part of Lebreat exploits a known Windows flaw in a component called the Local Security Authority Subsystem Service, the security company said. The LSASS vulnerability was also used by the Sasser worm, F-Secure said in its advisory. Microsoft issued a patch for the LSASS flaw last year.

Lebreat is also a mass-mailer, which means it travels as an attachment in an e-mail message.

Once installed, Lebreat harvests e-mail addresses from the compromised PC and starts sending itself to those addresses. It also begins scanning the Internet for computers vulnerable to the LSASS flaw. On the PC, it installs the backdoor and attempts to tweak Windows settings to disable security features such as system restore and automatic updates, but fails to do so, F-Secure said.

As is common with e-mail worms, Lebreat uses a number of subject lines, message body texts and names for the attachment, F-Secure said. One example of a body text is: "Your credit card was charged for $500 USD. For additional information see the attachment." The sender address is also faked.

Shortly after the first version of Lebreat appeared, two variants were detected, F-Secure said. The mutations have largely the same payload. F-Secure ranks Lebreat as a "Level 2" threat, which means it is causing large infections, according to a notice on the F-Secure Web site.

MessageLabs had stopped 5,636 copies of e-mail messages containing Lebreat by late morning on Friday, a company representative said. The e-mail security specialist classifies it as a "medium outbreak."

Symantec has also detected the worm, but has not seen it spread widely, said Dave Cole, a director of product management at Symantec Security Response. Cole confirmed that the worm attempts to launch a distributed denial-of-service attack against the Symantec Web site, but the company is not worried about it. "We don't expect this to create problems," he said.

To protect against Lebreat, as with other threats, users should be cautious when opening e-mail attachments, apply security patches and run up-to-date antivirus software, security companies advised.

Does this affect Apple Computers
by dylan214u July 16, 2005 7:55 PM PDT
Bet I already know the answer!
Same for linux :)
by July 17, 2005 8:46 AM PDT
EOM.
know what?
by July 19, 2005 8:08 AM PDT
if you are stupid enough to click on attachments that you are not sure about, you really should use apple.

if you are smart enough to not trust every single pop-up or email you see, you don't really need a mac (or linux). i've been using windows (sorry, windoze... or is it winblows? both are a cute way to say you don't like microsoft) since 3.0.... why is it that i don't get viri or spyware on my systems? it's because the weak link in computing is the piece of meat sitting on the chair typing on the keyboard. if people would just stop blindly clicking EVERY SINGLE "ok" box on their screen, we'd be in much better shape.

ok, you can go back to your expensive, proprietary mac and click on anything you want now.
Features
by July 17, 2005 9:04 AM PDT
Well now it seems that the AV business is backfiring.
Microsoft doesn't write quality or bug-free programs, relying on 3rd parties to keep the pc (relatively) secure. So they don't need to work too much and are happy.
3rd parties rely on Microsoft to write bad software with all the needed virus/worm spreading mechanisms like Outlook integrated into the system. So they have a job and make money. So they are happy.
The virus/worm writers punish Microsoft for writing bad software and are quite happy.
The user pays for Windows, antivirus programs, firewall programs, antispyware etc. so the user _feels_ secure and is happy.
If everyone is happy the system works and everyone is getting their money. The only loser is the user (no pun intended), but he's too busy feeling secure and paying up to notice.

Now what happens if one of the virus writers turns against one of the most used AV? The system breaks. If the target AV will be disabled and will allow other viruses onto the Windows PC that destroy the data, the users will be unhappy which in turn makes the security solutions providers unhappy. If people are unhappy the system doesn't work.

Now if you didn't understand the above scenario then maybe the next questions will point you in the right direction:
Could an AV firm write viruses that disable the competition?
Is it in the interest of Microsoft to fix all the bugs making a near perfect system (read: a system that needs no servicepacks, upgrades, next versions)?

Think and stop spending so much money on software.