CME-875, Win32.Reatle.A, Lebreat, Net-Worm.Win32.Lebreat.gen, W32/[email protected]
Variants: [email protected], [email protected], [email protected]
Category: Computer Worm
Active & Spreading
15 Jul 2005
Characteristics: This threat is a mass-mailer and a network worm. Shortly after the first version, 2 more variants appeared. The worm also has a backdoor, a Trojan downloader, and DoS (Denial of Service) attack capabilities. It is a slow infector but inflicts medium damage on the infected computer.
When the worm is executed, it copies itself as the following files: ccapp.exe, Windows.exe, and attach.tmp. It modifies the registry to ensure that it loads at every startup. It also modifies the registry to disable several Windows security features, System Restore, Task Manager, and Registry Tools. It gathers email addresses from files with the following extensions: .asp, .txt, .adb, .tbb, .dbx, .html, .htm, and .wab, and stores them in the file xzy6.tmp. The worm uses its own SMTP engine to send itself to the email addresses that it finds. It opens an FTP server on TCP port 8885 and attempts to connect to a random range of IP addresses on TCP port 445. If a connection succeeds, it downloads itself onto the newly infected computer.
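The indicators in the paragraph above (the dropped file names, the FTP listener on TCP port 8885 and the outbound sweep on TCP port 445) can be combined into a host triage check. The Python below is an added example, not part of the original write-up; the connection log format, the sample paths and addresses, and the fan-out threshold of 10 distinct targets are assumptions made for illustration.

```python
import ntpath
import re

# Indicators taken from the description above.
DROPPED_NAMES = {"ccapp.exe", "windows.exe", "attach.tmp", "xzy6.tmp"}
FTP_LISTEN_PORT = 8885
SCAN_PORT = 445
SCAN_FANOUT = 10  # assumption: distinct targets before a sweep is flagged

# Constructed log format (hypothetical, not a real tool's output).
LISTEN_RE = re.compile(r"^LISTEN tcp \S+:(\d+)$")
OUT_RE = re.compile(r"^OUT tcp \S+:\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")

def triage(file_paths, conn_lines):
    """Return a sorted list of finding strings for one host."""
    findings = set()
    for path in file_paths:
        # ntpath handles Windows separators regardless of the analysis OS.
        name = ntpath.basename(path).lower()
        if name in DROPPED_NAMES:
            findings.add(f"file:{name}")
    smb_targets = set()
    for line in conn_lines:
        m = LISTEN_RE.match(line.strip())
        if m and int(m.group(1)) == FTP_LISTEN_PORT:
            findings.add(f"listener:tcp/{FTP_LISTEN_PORT}")
            continue
        m = OUT_RE.match(line.strip())
        if m and int(m.group(2)) == SCAN_PORT:
            smb_targets.add(m.group(1))  # count distinct targets, not packets
    if len(smb_targets) >= SCAN_FANOUT:
        findings.add(f"sweep:tcp/{SCAN_PORT}:{len(smb_targets)}")
    return sorted(findings)

# Constructed sample data: paths and addresses are illustrative only.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Temp\xzy6.tmp",
    r"C:\Temp\Windows.exe",
]
SAMPLE_CONNS = (
    ["LISTEN tcp 0.0.0.0:8885"]
    + [f"OUT tcp 192.0.2.10:{1100 + i} -> 198.51.100.{i + 1}:445" for i in range(12)]
    + ["OUT tcp 192.0.2.10:1200 -> 203.0.113.5:80"]
)

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_CONNS):
        print(finding)
```

A file name match on its own is weak evidence; treat it as a lead to confirm alongside the port 8885 listener or the port 445 sweep.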
The worm connects to a remote server. This server is commonly hard-coded in the program and may be specified as a web address or an IP address. The backdoor software then waits for commands to execute on the infected system. It can manipulate files on the system, including both data and system files, which can be edited, moved, or deleted. Installed programs can be launched or closed without the user's consent. The CD drives may open and close unexpectedly. Other malware can be added to the system, including adware, spyware, and Trojan software.