Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


New Lebreat worm tries to attack corporate networks

Google
Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

July 15, 2005

Internet security companies warned today that a new worm virus discovered Thursday attempts to compromise corporate networks and PCs, and has so far surfaced in at least three different variants.

The new worm-virus, Lebreat, is a combined network worm and mass-mailing virus at the same time, F-Secure said. Once run on a PC, it installs a backdoor for hackers, downloads the mass-mailer code and attempts to launch a denial-of-service attack that targets security giant Symantec's Web site, the Finnish antivirus specialist said.

The malicious code is also known as Breatle and Reatle at other antivirus companies.

"This virus claims to be 'Breatle AntiVirus v1.0,' and it spreads over both e-mail and network vulnerabilities," F-Secure said.

The network-worm part of Lebreat exploits a known Windows flaw in a component called the Local Security Authority Subsystem Service, the security company said. The LSASS vulnerability was also used by the Sasser worm, F-Secure said in its advisory. Microsoft issued a patch for the LSASS flaw last year.

Lebreat is also a mass-mailer, which means it travels as an attachment in an e-mail message.

Once installed, Lebreat harvests e-mail address from the compromised PC and starts sending itself to those addresses.

It also begins scanning the Internet for computers vulnerable to the LSASS flaw. On the PC, it installs the backdoor and attempts to tweak Windows settings to disable security features such as system restore and automatic updates, but fails to do so, F-Secure said.

As is common with e-mail worms, Lebreat uses a number of subject lines, message body texts and names for the attachment, F-Secure said. One example of a body text is: "Your credit card was charged for $500 USD. For additional information see the attachment." The sender address is also faked.

Shortly after the first version of Lebreat appeared, two variants were detected, F-Secure said. The mutations have largely the same payload. F-Secure ranks Lebreat as a "Level 2" threat, which means it is causing large infections, according to a notice on the F-Secure Web site.

MessageLabs had stopped 5,636 copies of e-mail messages containing Lebreat by late morning on Friday, a company representative said. The e-mail security specialist classifies it as a "medium outbreak."

Symantec has also detected the worm, but has not seen it spread widely, said Dave Cole, a director of product management at Symantec Security Response. Cole confirmed that the worm attempts to launch a distributed denial-of-service attack against the Symantec Web site, but the company is not worried about it. "We don't expect this to create problems," he said.

To protect against Lebreat, as with other threats, users should be cautious when opening e-mail attachments, apply security patches and run up-to-date antivirus software, security companies advised.

Source: C-Net News

Google


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer