is a trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as “shelldm.exe
” or “xcllsx.exe
”. The malware loads as a process when Windows starts.
The trojan establishes a connection to remote servers using varied TCP ports, such as 1430, 8900, 8090 and so on. It communicates with servers with names such as “dqglobex.com
” among others. Once connected, the trojan allows unauthorized use of the affected computer, including distributing spam.
Forefront Online Protection for Exchange (FOPE) consists of layered technologies to actively help protect businesses’ inbound and outbound e-mail from spam, viruses, phishing scams, and e-mail policy violations.