Irina Cios on Thu, 30 May 2002 13:19:14 +0200 (CEST)



[Nettime-ro] Virus Hoax Making The Rounds - 'JDBGMGR.EXE'


Virus Hoax Making The Rounds - 'JDBGMGR.EXE' 

A virus warning is making the rounds urging people to search for a purported virus on their hard drives - a file named JDBGMGR.EXE. Chances are, they will find it, because the "warning" is a hoax.

According to several anti-virus companies, the hoax first appeared in April, but two new variants of the message have been spotted in the last three days.

The bogus warning takes several forms, but in general it tells people they have received a dangerous, undetectable virus via e-mail that must be found and deleted from their "C" drives. Some variants claim the "virus" hibernates for 14 days before awakening and causing damage to their computers.

Anti-virus companies have identified French, Spanish, Italian and German versions of the English warnings.

In reality, JDBGMGR.EXE is a standard Windows component. According to anti-virus company F-Secure, it is used as a Java debugger manager in a Microsoft Java runtime engine.

"We checked several versions of this utility from Windows installations and found nothing malicious in them," F-Secure wrote in its warning about the hoax.

The JDBGMGR.EXE hoax followed a path similar to last year's widely spread hoax, "SULFNBK.EXE."

Warnings about SULFNBK.EXE began circulating via e-mail in mid-May 2001, first in Portuguese, then in English. As the end of May neared, someone apparently decided the hoax was not garnering enough attention, and altered the message to play up the destructive capability of the "virus," and added a date of doom.

On June 1, 2001, people were warned, the virus would wipe out all files and folders on the computer's hard drive if not found and deleted.

The warnings for JDBGMGR.EXE started with a simple suggestion that people find and delete the file. Later variants added details that made the virus seem more threatening, and warned that it could not be detected by McAfee or Norton anti-virus programs.

Dee Liebenstein, product manager for Symantec Security Response, told Newsbytes these hoaxes are powerful because they sound frightening.

"People still respond, because the writers are trying to strike fear in the hearts of man - that is their goal in life," she said. "Like Trojan horse writers that get people to click on an attachment by getting on their good side and being friendly, these hoaxes are an example of social engineering. But these appeal to you to take action by scaring you."

Liebenstein said the file that people are deleting is not required by the operating system to run. She said some Java applets might not work properly, in which case the user should reinstall the file.

Some regular computer users are moving so quickly, they do not stop to evaluate whether or not they should click on an attachment or delete a file before acting, Liebenstein said.

"If you receive an e-mail that asks you to delete files, check with the person who sent it to you first. If they got the e-mail and are passing it on, that's your first clue."

"Next, you should go to an anti-virus vendor's Web site," she continued. "For example, Symantec has a list of popular hoaxes. If it is a real virus, the information will be on the Web site, also."