Discovered: May 15, 2005
Updated: February 13, 2007 12:38:53 PM
Also Known As: Win32.Lineage.S [Computer Asso, Trojan-PSW.Win32.Delf.fz [Kasp, Trojan-PSW.Win32.Lmir.aeu [Kas, PWS-LegMir!chm [McAfee], PWS-Lineage{.dll, !chm} [McAfee], Troj/LegMir-AE [Sophos], CHM_DELF.D [Trend Micro], TROJ_DELF.RM [Trend Micro], TSPY_LINEAGE.AP [Trend Micro]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Trojan.Jasbom is a Trojan horse that attempts to exploit the Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability (as described in Microsoft Security Bulletin MS04-013). While the application Lineage is in use, the Trojan logs keystrokes, mouse clicks, and application memory. The Trojan sends this logged information to a Web site on the j4sb.com domain.
Notes:
- Definitions dated prior to May 12, 2005 may detect this threat as PWSteal.Lineage.
- On May 15, 2005, the company Kakaku.com acknowledged that their Web site may have been compromised between May 11-14, 2005. During this time, Trojan.Jasbom was installed on their Web server. Computer users who accessed this Web site with unpatched versions of Internet Explorer may have had this Trojan downloaded to their computers between these dates.
Protection
- Initial Rapid Release version: May 16, 2005
- Latest Rapid Release version: November 11, 2008 revision 023
- Initial Daily Certified version: May 16, 2005
- Latest Daily Certified version: December 8, 2008 revision 050
- Initial Weekly Certified release date: May 16, 2005
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
Distribution
Writeup By: Kaoru Hayashi