Users should beware of a new malware threat in the form of Lebreat, a mass-mailing worm that also exploits a known Windows flaw in a component called the Local Security Authority Subsystem Service (LSASS). The same vulnerability was exploited by the Sasser worm.
Lebreat harvests email addresses from systems it compromises and starts sending itself to those addresses, whilst it scans the Internet for computers vulnerable to the LSASS flaw. It also tweaks Windows settings to disable security features such as system restore and automatic updates, but doesn't seem to do so properly. Nevertheless, it remains pretty bad news.
As is common with email worms, Lebreat uses a number of subject lines, message body texts and names for the attachment, F-Secure said. One example of a body text is: "Your credit card was charged for $500 USD [£285]. For additional information see the attachment." The sender address is also faked.
Shortly after the first version of Lebreat appeared, two variants were detected, F-Secure said. The mutations have largely the same payload. F-Secure ranks Lebreat as a "Level 2" threat, which means it is causing large infections, according to a notice on the F-Secure Web site.
As always (and we will say it till we are blue in the face), it is recommended that you install all the latest security patches for your operating system, that you keep your anti-virus software up to date, and that you install a firewall of some sort.