
Virus Hoax Making The Rounds - 'JDBGMGR.EXE'

  • From: alerts@xxxxxxxxxxx
  • To: cybercrime-alerts@xxxxxxxxxxxxx
  • Date: Thu, 09 May 2002 20:32:33 -0400

* My Tech NewsLetter is at http://theMezzenger.com *



By Michael Bartlett, Newsbytes
SAN JOSE, CALIFORNIA, U.S.A.,
07 May 2002, 5:29 PM CST

A virus warning is making the rounds urging people to search for a purported 
virus on their hard drives - a file named JDBGMGR.EXE. Chances are, they will 
find it, because the "warning" is a hoax.

According to several anti-virus companies, the hoax first appeared in April, 
but two new variants of the message have been spotted in the last three days.

The bogus warning takes several forms, but in general it tells people they have 
received a dangerous, undetectable virus via e-mail that must be found and 
deleted from their "C" drives. Some variants claim the "virus" hibernates for 
14 days before awakening and causing damage to their computers.

Anti-virus companies have identified French, Spanish, Italian and German 
versions of the English warnings.

In reality, JDBGMGR.EXE is a standard Windows component. According to 
anti-virus company F-Secure, it is used as a Java debugger manager in a 
Microsoft Java runtime engine.

"We checked several versions of this utility from Windows installations and 
found nothing malicious in them," F-Secure wrote in its warning about the hoax.

The JDBGMGR.EXE hoax followed a path similar to that of last year's widely 
spread hoax, "SULFNBK.EXE."

Warnings about SULFNBK.EXE began circulating via e-mail in mid-May 2001, first 
in Portuguese, then in English. As the end of May neared, someone apparently 
decided the hoax was not garnering enough attention, and altered the message to 
play up the destructive capability of the "virus," and added a date of doom.

On June 1, 2001, people were warned, the virus would wipe out all files and 
folders on the computer's hard drive if not found and deleted.

The warnings for JDBGMGR.EXE started with a simple suggestion that people find 
and delete the file. Later variants added details that made the virus seem more 
threatening, and warned that it could not be detected by McAfee or Norton 
anti-virus programs.

Dee Liebenstein, product manager for Symantec Security Response, told Newsbytes 
these hoaxes are powerful because they sound frightening.

"People still respond, because the writers are trying to strike fear in the 
hearts of man - that is their goal in life," she said. "Like Trojan horse 
writers that get people to click on an attachment by getting on their good side 
and being friendly, these hoaxes are an example of social engineering. But 
these appeal to you to take action by scaring you."

Liebenstein said the file that people are deleting is not required by the 
operating system to run. She said some Java applets might not work properly, in 
which case the user should reinstall the file.

Some regular computer users are moving so quickly, they do not stop to evaluate 
whether or not they should click on an attachment or delete a file before 
acting, Liebenstein said.

"If you receive an e-mail that asks you to delete files, check with the person 
who sent it to you first. If they got the e-mail and are passing it on, that's 
your first clue."

"Next, you should go to an anti-virus vendor's Web site," she continued. "For 
example, Symantec has a list of popular hoaxes. If it is a real virus, the 
information will be on the Web site, also."

F-Secure is at http://www.datafellows.com/index.shtml .

F-Secure's page for the hoax is at 
http://www.datafellows.com/hoaxes/jdbgmgr.shtml .

Symantec is at http://www.symantec.com .

Symantec's page for the hoax is at 
http://securityresponse.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html .

Reported by Newsbytes.com, http://www.newsbytes.com .

17:29 CST
Reposted 18:18 CST

(20020507/Press contact: F-Secure, 408-938-6700; Sherri Walkenhorst for 
Symantec, 801-373-7888 /WIRES ONLINE, PC/VIRUS/PHOTO)


© 2001 The Washington Post Company

