[pcductape] BEWARE THE BEAR!

  • From: Sandi Neumann <sanneumann@xxxxxxxxxxx>
  • To: pcductape@xxxxxxxxxxxxx
  • Date: Fri, 17 Jan 2003 06:16:32 -0500

This is from the E-List News. Please read carefully.
BEWARE THE BEAR!

I knew it would happen. (You did, too, I bet.) Just as we learned not to
fear that cute little stuffed bear, someone turned it into something
fearful.

By now, most of the world knows that it is a hoax -- not a tip to a real
virus -- when someone sends you an email warning you about the dangerous
virus file JDBGMGR.EXE. You've surely gotten the email several times by now.
It tells you to look up this file in Windows Explorer -- where it appears
with a stuffed bear icon -- and delete it, being sure to then empty your
Recycle Bin so it won't come back. The problem is, the file isn't a virus,
but a genuine Windows component -- part of the Java Virtual Machine. For
many people, this is a minor file. For some people, it's quite a critical
one.

Well, now that we all know **not** to delete the file, there are two new
viruses that exploit our conviction that this is a hoax. Thanks go to my
fellow Win XP MVP and AumHa VSOP, Jason Tsang, for alerting us to these.

One of the new worms is Dasmin, which uses the filename JDBGMRG.EXE -- very
similar to JDBGMGR.EXE. You can read about it here (
http://www.f-secure.com/v-descs/dasmin.shtml ). The other new worm is
Recory, which actually replaces the real JDBGMGR.EXE with a malicious file
of the same name -- but with a screwdriver icon instead of a stuffed bear.
(I think their message is clear enough, don't you?) You can read about it
here ( http://www.f-secure.com/v-descs/recory.shtml ).

If you have any doubt, don't rush to delete. Any of the main commercial
antivirus programs will catch these right now, so just run a check on your
system. If your virus checker isn't up to date, you may want to temporarily
remove the file first, by moving it over to an otherwise empty floppy and
checking. Mostly, though, keep practicing "safe hex," using practices such
as those recommended by Claymania (
http://www.claymania.com/safe-hex.html ). 

Cheers! 
Sandi
http://pcductape.topcities.com/
SciFi Artwork
news://news.annexcafe.com/annexcafe.phoenix.assemblers
PCD-Offtopic group-(clean!)
pcd-offtopic-subscribe@xxxxxxxxxxxxxxx
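
Added example, not part of the original post: a Python sketch of the two checks the warning above implies, flagging file names that nearly match a genuine component (the JDBGMRG.EXE case) and detecting a same-named file whose contents differ from a known-good baseline (the replaced JDBGMGR.EXE case). The baseline hash, the file contents and the helper names are constructed for illustration; a real baseline would be recorded from a known-clean system.

```python
import hashlib

# Names of genuine components worth protecting; only JDBGMGR.EXE comes from the post.
PROTECTED = ["JDBGMGR.EXE"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Swapped neighbours (e.g. "GR" vs "RG") count as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(name: str, content: bytes, baseline: dict) -> str:
    """Return 'ok', 'content-changed', 'lookalike-name' or 'unrelated'."""
    upper = name.upper()  # Windows file names are case-insensitive
    if upper in baseline:
        digest = hashlib.sha256(content).hexdigest()
        return "ok" if digest == baseline[upper] else "content-changed"
    if any(0 < osa_distance(upper, p) <= 2 for p in PROTECTED):
        return "lookalike-name"
    return "unrelated"


# Constructed sample data: placeholder bytes stand in for real file contents.
GENUINE = b"constructed stand-in for the genuine component"
BASELINE = {"JDBGMGR.EXE": hashlib.sha256(GENUINE).hexdigest()}
LISTING = [
    ("jdbgmgr.exe", GENUINE),
    ("JDBGMRG.EXE", b"constructed stand-in, transposed name"),
    ("NOTEPAD.EXE", b"constructed stand-in, unrelated file"),
]

if __name__ == "__main__":
    for fname, data in LISTING:
        print(fname, "->", classify(fname, data, BASELINE))
    print("JDBGMGR.EXE ->", classify("JDBGMGR.EXE", b"replaced", BASELINE))
```

A name match alone says nothing about the same-named replacement, which is why the content hash is compared before the name is trusted.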
