CeePrompt! Computer Connection

Originally published May 27, 2002

Curiosity killed the Cat -- and the PC

Fortunately, my Norton AntiVirus has intercepted and quarantined these tainted files, but many businesses have not been so lucky. Systems administrators report this bug has been a "nightmare" for their networks requiring many complete hard-drive reformats to cleanse the system.

This virus has many strains and e-mails randomly vary by subject and content. They usually consist of one or two lines and are often grammatically incorrect. One may read, "Hi, This is a IE 6.0 patch. I hope you would like it" while another hawks a game: "Hi, This is a special excite game. This game is my first work. You're the first player. I expect you would like it." Companies have been hard-hit by this virus because they aren't diligent in keeping virus definitions updated and because human curiosity is stronger than a sense of caution.

This virus infects executable files on the host machine by creating a hidden, encrypted copy of the original file and then overwriting the original with itself. The worm spreads by searching the Windows address book, ICQ databases, and local files for e-mail addresses and then sends an e-mail message to these addresses with itself as an attachment. Additionally, the worm carries a payload that executes on the 6th day of odd numbered months in an attempt to overwrite critical program and data files.

It's bad enough that these legitimate threats exist, but there's also an abundance of hoaxes out there as well, masquerading as helpful solutions.

The latest to propagate through e-mail channels is the Jdbgmgr.exe hoax. The message text reads: "I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple:"

If you follow the instructions you will, in fact, find a file with a bear icon, as described, but this is not a virus. It is a valid Windows file that is needed to run certain Java applications. If you succumb to the ruse and delete Jdbgmgr.exe, you'll have to reinstall the Microsoft Virtual Machine to restore the file.

These viruses and hoaxes will continue to proliferate throughout the Internet as long as there are trusting, unsuspecting folks who are too curious, unaware and not proactive. Here's the basic checklist:

* First, install anti-virus software and insure that you check for updates weekly, if not daily.

* Second, never open file attachments unless they are expected no matter how cute, entertaining or helpful they appear. Delete any unknown or suspicious e-mail without opening.

* Third, never forward warnings without verifying their authenticity. If you simply pass it on, even in the spirit of good faith, you're part of the problem as an unwitting accomplice. Visit Web sites that document hoaxes, such as Hoaxbusters or Symantec. Use a good search engine like Google to search for information on the suspected hoax or file name, such as "Jdbgmgr.exe." You'll find plenty of hits that document this particular hoax. Above all, exercise caution and remember: curiosity killed the cat.