Virus Hoax Making The Rounds - 'JDBGMGR.EXE'


E-Mail This Article

Printer-Friendly Version



By Michael Bartlett, Newsbytes
SAN JOSE, CALIFORNIA, U.S.A.,
07 May 2002, 5:29 PM CST



A virus warning is making the rounds urging people to search for a
purported virus on their hard drives - a file named JDBGMGR.EXE. Chances
are, they will find it, because the "warning" is a hoax.
According to several anti-virus companies, the hoax first appeared in April,
but two new variants of the message have been spotted in the last three
days.







The bogus warning takes several forms, but in general it tells people they
have received a dangerous, undetectable virus via e-mail that must be found
and deleted from their "C" drives. Some variants claim the "virus"
hibernates for 14 days before awakening and causing damage to their
computers.

Anti-virus companies have identified French, Spanish, Italian and German
versions of the English warnings.

In reality, JDBGMGR.EXE is a standard Windows component. According to
anti-virus company F-Secure, it is uses as a Java debugger manager in a
Microsoft Java runtime engine.

"We checked several versions of this utility from Windows installations and
found nothing malicious in them," F-Secure wrote in its warning about the
hoax.

The JDBGMGR.EXE hoax followed a similar path as last year's widely spread
hoax, "SULFNBK.EXE."

Warnings about SULFNBK.EXE began circulating via e-mail in mid-May 2001,
first in Portuguese, then in English. As the end of May neared, someone
apparently decided the hoax was not garnering enough attention, and altered
the message to play up the destructive capability of the "virus," and added
a date of doom.

On June 1, 2001, people were warned, the virus would wipe out all files and
folders on the computer's hard drive if not found and deleted.

The warnings for JDBGMGR.EXE started with a simple suggestion that people
find and delete the file. Later variants added details that made the virus
seem more threatening, and warned that it could not be detected by McAfee or
Norton anti-virus programs.

Dee Liebenstein, product manager for Symantec Security Response, told
Newsbytes these hoaxes are powerful because they sound frightening.

"People still respond, because the writers are trying to strike fear in the
hearts of man - that is their goal in life," she said. "Like Trojan horse
writers that get people to click on an attachment by getting on their good
side and being friendly, these hoaxes are an example of social engineering.
But these appeal to you to take action by scaring you."

Liebenstein said the file that people are deleting is not required by the
operating system to run. She said some Java applets might not work properly,
in which case the user should reinstall the file.

Some regular computer users are moving so quickly, they do not stop to
evaluate whether or not they should click on an attachment or delete a file
before acting, Liebenstein said.

"If you receive an e-mail that asks you to delete files, check with the
person who sent it to you first. If they got the e-mail and are passing it
on, that's your first clue."

"Next, you should go to an anti-virus vendor's Web site," she continued.
"For example, Symantec has a list of popular hoaxes. If it is a real virus,
the information will be on the Web site, also."

F-Secure is at http://www.datafellows.com/index.shtml .

F-Secure's page for the hoax is at
http://www.datafellows.com/hoaxes/jdbgmgr.shtml .

Symantec is at http://www.symantec.com .

Symantec's page for the hoax is at
http://securityresponse.symantec.com/avcenter/venc/data/
jdbgmgr.exe.file.hoax.html .

Reported by Newsbytes.com, http://www.newsbytes.com .

17:29 CST
Reposted 18:18 CST

(20020507/Press contact: F-Secure, 408-938-6700; Sherri Walkenhorst for
Symantec, 801-373-7888 /WIRES TOP, ONLINE, PC/VIRUS/PHOTO)


© 2002 The Washington Post Company