March 21, 2010

Virus Alert: Dasmin Arrives

F-Secure is noting the arrival of Dasmin, a simple UPX-packed Trojan horse program that installs itself into the Windows System folder as two separate files:

  • jdbgmrg.exe
  • avirchk.exe

The Trojan uses the name "jdbgmrg.exe", which is very close to the name of a common Windows component, "jdbgmgr.exe". One variant of the Jdbgmgr hoax that was widespread in May 2002 contained the same typo: it named the file "jdbgmrg.exe" when it should have been "jdbgmgr.exe".

The Trojan creates autostart keys for itself in the Registry. It also changes the start and search pages of Internet Explorer.

F-Secure has not given the Trojan a risk rating. Disinfection instructions are available in F-Secure's description.
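The three traces the Dasmin description gives (lookalike file names in the System folder, Run entries pointing at them, and changed IE start/search pages) are exactly the things a host check can look for. The following is an added example, not F-Secure's tool or code from this page. It generalizes the jdbgmrg/jdbgmgr case to any file whose name is one edit or transposition away from a known component. All inputs are constructed: the directory listing, the Run values, the IE "Main" values, the component allowlist (only jdbgmgr.exe comes from the page) and the allowed-host baseline are assumptions for the example; on a live host they would come from `%SystemRoot%\System32`, the `...\CurrentVersion\Run` keys and `HKCU\Software\Microsoft\Internet Explorer\Main`.

```python
"""Host check for the Dasmin-style traces: lookalike file names, Run entries
pointing at unknown executables, and hijacked IE start/search pages.
Example code added to the article; all data below is constructed."""
from urllib.parse import urlsplit

# Assumed allowlist of genuine component names (only jdbgmgr.exe is from the page).
KNOWN_COMPONENTS = {"jdbgmgr.exe", "svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe"}

# Constructed sample data modelled on the Dasmin description.
SYSTEM_DIR_LISTING = ["kernel32.dll", "jdbgmgr.exe", "jdbgmrg.exe", "avirchk.exe", "svchost.exe"]
RUN_VALUES = {  # value name -> command, as read from a Run key (constructed)
    "Java Debugger": r"C:\WINDOWS\System32\jdbgmrg.exe",
    "AV Check": r'"C:\WINDOWS\System32\avirchk.exe" /s',
    "Shell": r"C:\WINDOWS\explorer.exe",
}
IE_MAIN_VALUES = {  # constructed contents of the IE "Main" key
    "Start Page": "http://example.invalid/start",
    "Search Page": "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
}
ALLOWED_IE_HOSTS = {"www.microsoft.com", "www.msn.com"}  # assumed baseline


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transposition, so the swapped letters in jdbgmrg/jdbgmgr count as ONE edit
    (plain Levenshtein would count two and miss it at max_distance=1)."""
    m, n = len(a), len(b)
    d = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        d[i][0] = i
    for j in range(n + 1):
        d[0][j] = j
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[m][n]


def lookalikes(listing, known=KNOWN_COMPONENTS, max_distance=1):
    """Files that are NOT a known component but sit within max_distance of one."""
    hits = []
    for name in listing:
        low = name.lower()
        if low in known:
            continue
        for genuine in sorted(known):
            if osa_distance(low, genuine) <= max_distance:
                hits.append((name, genuine))
    return hits


def exe_basename(command):
    """Basename of the program in a Run-key command, handling quoted paths and arguments."""
    cmd = command.strip()
    path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def persistence_findings(run_values, listing, known=KNOWN_COMPONENTS):
    """Run entries whose target is a lookalike, or an .exe in the System folder
    that matches no known component (Dasmin drops two such files)."""
    lookalike_names = {name.lower() for name, _ in lookalikes(listing, known)}
    unknown_exes = {f.lower() for f in listing
                    if f.lower().endswith(".exe") and f.lower() not in known}
    findings = []
    for value, command in run_values.items():
        base = exe_basename(command)
        if base in lookalike_names:
            findings.append((value, base, "lookalike of a Windows component"))
        elif base in unknown_exes:
            findings.append((value, base, "unknown executable in System folder"))
    return findings


def ie_page_findings(main_values, allowed_hosts=ALLOWED_IE_HOSTS):
    """Start/Search Page values whose host is outside the assumed baseline."""
    bad = []
    for key in ("Start Page", "Search Page"):
        url = main_values.get(key, "")
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed_hosts:
            bad.append((key, url))
    return bad


if __name__ == "__main__":
    print("lookalikes:", lookalikes(SYSTEM_DIR_LISTING))
    print("persistence:", persistence_findings(RUN_VALUES, SYSTEM_DIR_LISTING))
    print("IE pages:", ie_page_findings(IE_MAIN_VALUES))
```

Transposition-aware distance matters here: with plain Levenshtein, "jdbgmrg.exe" is two edits from "jdbgmgr.exe" and a threshold of one would not flag it. The allowlist approach also means the second dropped file, avirchk.exe, is caught not by its name but because a Run entry points at an executable in the System folder that matches nothing known.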

Lirva Still Lives

Trend Micro continues to report the presence of WORM_LIRVA.C, although it rates the worm as non-destructive. This memory-resident, mass-mailing worm propagates via email, mapped network shares, Internet Relay Chat (IRC), ICQ and the Kazaa peer-to-peer file-sharing network.

To propagate via email, it uses its own Simple Mail Transfer Protocol (SMTP) engine to send itself to every recipient listed in the infected system's Windows Address Book (WAB). It also gathers email addresses from files with the following extensions: IDX, NCH, SHTML, TBB, HTM, WAB, MBX, DBX.

For details of the email it arrives in and removal instructions, see Trend Micro's description.

SoBig Growing

The worm SoBig, first reported on January 9, has picked up steam, according to MessageLabs. It was given the name "Sobig" because the email address it always comes from is "big@boss.com".

Initial analysis suggests this is a mass-mailing virus that incorporates its own SMTP engine. It may also be able to spread via various network shares, and it appears to download a text file from a Web site hosted by Geocities; that file could contain a further URL that is subsequently used to download a backdoor Trojan.

SoBig also appears to harvest email addresses from certain files that it searches for on the recipient's hard disk, and uses the addresses it finds to send copies of itself through the internal SMTP engine. It can also read the recipient's address book and mailbox for further addresses. From the copies MessageLabs has intercepted, the email may be composed as follows:

Subject:
    Re: here is that sample
    Re: Movies
    Re: Sample
    Re: Document

To see the hourly and daily catch since last Thursday, visit the MessageLabs page.
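The two indicators MessageLabs gives (a fixed sender address and a short list of subjects) are enough for a gateway triage rule, but they are not equally strong: "Re: Sample" is a subject real people use, while "big@boss.com" is not. The following is an added example, not MessageLabs' code or anything from this page: it parses messages with Python's standard `email` library, extracts the sender address with `parseaddr` so a display name cannot hide the address, and returns a verdict that treats the sender as a blocking indicator and the subject alone as a review-only one. The sample messages are constructed, not intercepted copies.

```python
"""Gateway triage for the SoBig indicators reported by MessageLabs.
Example code added to the article; the messages below are constructed."""
import email
from email import policy
from email.utils import parseaddr

# Indicators from the report: the constant sender and the observed subjects.
SOBIG_SENDER = "big@boss.com"
SOBIG_SUBJECTS = {"re: here is that sample", "re: movies", "re: sample", "re: document"}

# Constructed sample messages (not intercepted copies).
SAMPLES = [
    "From: Big Boss <big@boss.com>\nTo: victim@example.com\nSubject: Re: Movies\n\n"
    "please see the attached\n",
    "From: colleague@example.com\nTo: victim@example.com\nSubject:  Re: Sample\n\n"
    "here is the sample we discussed\n",
    "From: colleague@example.com\nTo: victim@example.com\nSubject: Lunch?\n\nnoon?\n",
]


def normalize_subject(subject):
    """Collapse whitespace and case so header folding or capitalization cannot evade the match."""
    return " ".join(subject.split()).lower()


def sobig_indicators(raw_message):
    """Return the list of SoBig indicators present in one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # parseaddr yields the bare address, so "Big Boss <big@boss.com>" matches.
    _, addr = parseaddr(str(msg.get("From", "")))
    reasons = []
    if addr.lower() == SOBIG_SENDER:
        reasons.append("from:" + addr.lower())
    subject = normalize_subject(str(msg.get("Subject", "")))
    if subject in SOBIG_SUBJECTS:
        reasons.append("subject:" + subject)
    return reasons


def verdict(raw_message):
    """'block' on the sender indicator, 'review' on subject alone (likely false
    positives on generic subjects), None when nothing matches."""
    reasons = sobig_indicators(raw_message)
    if any(r.startswith("from:") for r in reasons):
        return "block"
    if reasons:
        return "review"
    return None


def triage(messages):
    """Map sample index to (verdict, reasons) for every message that matched something."""
    out = {}
    for i, raw in enumerate(messages):
        v = verdict(raw)
        if v is not None:
            out[i] = (v, sobig_indicators(raw))
    return out


if __name__ == "__main__":
    for idx, (v, reasons) in triage(SAMPLES).items():
        print(f"message {idx}: {v} ({', '.join(reasons)})")
```

The subject list alone would quarantine ordinary replies titled "Re: Document" or "Re: Sample", which is why the example only escalates to a block on the sender address; a production rule would add the attachment characteristics once a vendor publishes them.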
