NEWS FROM THE LAB - Friday, July 15, 2005

Breatle/Lebreat/Reatle worm on the loose
Posted by Mikko @ 16:11 GMT

At least three variants of a new mass-mailer / network worm combo are on the loose. We currently detect it as W32/Lebreat.A@mm.

This virus claims to be "Breatle AntiVirus v1.0", and it spreads both over email and by exploiting network vulnerabilities such as RPC and LSASS.

Apparently it also tries to launch a DDoS attack against www.symantec.com, with no visible effects so far.

The worm also contains an anti-Symantec message:

  easy to talk but hard to work :)
  what about working in symantec? :P
  it is not only a mass mail worm it is also a lsass worm :)

The worm sends emails with varying messages, such as:

  Your credit card was charged for $500 USD. For additional information see the attachment.

  Hello, I was in a hurry and I forgot to attach an important document. Please see attached.