Win32/Lethic Trojan Distribute Spam Remote Communication, Warns Microsoft MSRT

Microsoft warns about "the Win32/Lethic trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as "shelldm.exe" or "xcllsx.exe". The malware loads as a process when Windows starts.""The trojan establishes a connection to remote servers using varied TCP ports, such as 1430, 8900, 8090 […]

Microsoft warns about "the Win32/Lethic trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as "shelldm.exe" or "xcllsx.exe". The malware loads as a process when Windows starts."

"The trojan establishes a connection to remote servers using varied TCP ports, such as 1430, 8900, 8090 and so on. It communicates with servers with names such as "dqglobex.com", "verywellhere.cn", "iamnothere.cn" among others. Once connected, the trojan allows unauthorized use of the affected computer, including distributing spam," informs Microsoft.

Forefront Online Protection for Exchange (FOPE) consists of layered technologies to actively help protect businesses' inbound and outbound e-mail from spam, viruses, phishing scams, and e-mail policy violations.

Forefront Online Protection for Exchange diagram

Below, you can see the spam distribution model of Win32/Lethic:

Win32/Lethic spam distribution model

You can do more to protect your Internet experience by running a full AV solution, such as Microsoft Security Essentials, for real-time protection.

[Source]