|The image of Sven Jaschan dropped by the Lebreat-D worm.|
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a worm that mocks other well-known worms, and drops an image of recently convicted virus writer Sven Jaschan onto user's hard drives.
The W32/Lebreat-D worm creates a JPEG image file called xsas.jpg on infected computers. The picture is of Sven Jaschan, the German teenager who was recently convicted for authoring the widespread Sasser and Netsky worms. Beside Jaschan's face the word "Bitch" has been superimposed.
Concealed inside the Lebreat-D worm's code is a lengthy message from its author which criticises the research done by anti-virus companies, and complains that security vendors are not calling the worms by the author's preferred name: Breatle. The message goes on to claim that Lebreat's author does not think it likely that they will be investigated by the computer crime authorities.
A small part of the message reads as follows:
Netsky(SkyShit),Beagle or Bagle,Mydoom and Sasser bye bye bitchs. It will be my game cuz the fbi or police are not searching for me to arrest me like ya sasser loooooooooooooooooooooooooooooool (next variants will use a better engine to send thousands of copies to users.) :P
The Lebreat-D worm can spread via both email attachments and by exploiting a Microsoft security vulnerability, opening a backdoor which allows remote hackers to gain control over compromised Windows computers. Once in place the worm can attempt to launch a denial of service attack against the websites run by the Symantec and McAfee security companies, and prevent the user accessing a list of anti-virus websites.
"The author of Lebreat has written a lengthy diatribe inside his virus, attacking other worms, security companies, and threatening that future versions of his worm will infect more people. He or she also seems to have little sympathy for his fellow virus writer Sven Jaschan, who was found guilty by a German court last month," said Graham Cluley, senior technology consultant for Sophos. "Unfortunately childish squabbles like this are being fought on the computers of innocent computer users, uninterested in fights in the virus underground."
A poll conducted by Sophos this month of over 550 business users found that 78% felt that Sven Jaschan's sentence was not harsh enough. Jaschan was sentenced to one year and nine months on probation and 30 hours community service.
Sophos recommends companies automatically update their corporate virus protection, and filter attachments which may contain malicious code at the email gateway with a consolidated solution to defend against viruses and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.