|
| The image of Sven Jaschan dropped by the
Lebreat-D worm. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a worm that mocks other well-known worms, and drops an image of
recently convicted virus writer Sven Jaschan onto user's hard
drives.
The W32/Lebreat-D worm
creates a JPEG image file called xsas.jpg on infected computers.
The picture is of Sven Jaschan, the German teenager who was
recently
convicted for authoring the widespread Sasser and Netsky worms.
Beside Jaschan's face the word "Bitch" has been superimposed.
Concealed inside the Lebreat-D worm's code is a lengthy message
from its author which criticises the research done by anti-virus
companies, and complains that security vendors are not calling the
worms by the author's preferred name: Breatle. The message goes on
to claim that Lebreat's author does not think it likely that they
will be investigated by the computer crime authorities.
A small part of the message reads as follows:
Netsky(SkyShit),Beagle or Bagle,Mydoom and Sasser bye bye
bitchs. It will be my game cuz the fbi or police are not searching
for me to arrest me like ya sasser
loooooooooooooooooooooooooooooool (next variants will use a better
engine to send thousands of copies to users.) :P
The Lebreat-D worm can spread via both email attachments and by
exploiting a Microsoft security vulnerability, opening a backdoor
which allows remote hackers to gain control over compromised
Windows computers. Once in place the worm can attempt to launch a
denial of service attack against the websites run by the Symantec
and McAfee security companies, and prevent the user accessing a
list of anti-virus websites.
"The author of Lebreat has written a lengthy diatribe inside his
virus, attacking other worms, security companies, and threatening
that future versions of his worm will infect more people. He or she
also seems to have little sympathy for his fellow virus writer Sven
Jaschan, who was found guilty by a German court last month," said
Graham Cluley,
senior technology consultant for Sophos. "Unfortunately childish
squabbles like this are being fought on the computers of innocent
computer users, uninterested in fights in the virus
underground."
A poll conducted by Sophos this month of over 550 business users
found that 78% felt
that Sven Jaschan's sentence was not harsh enough. Jaschan was
sentenced to one year and nine months on probation and 30 hours
community service.
Sophos recommends companies automatically update their corporate
virus protection, and filter attachments which may contain
malicious code at the email gateway with a consolidated solution to defend against viruses
and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.