Microsoft warns about “the Win32/Lethic trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as “shelldm.exe” or “xcllsx.exe”. The malware loads as a process when Windows starts.”
“The trojan establishes a connection to remote servers using varied TCP ports, such as 1430, 8900, 8090 and so on. It communicates with servers with names such as “dqglobex.com”, “verywellhere.cn”, “iamnothere.cn” among others. Once connected, the trojan allows unauthorized use of the affected computer, including distributing spam,” informs Microsoft.
Forefront Online Protection for Exchange (FOPE) consists of layered technologies to actively help protect businesses’ inbound and outbound e-mail from spam, viruses, phishing scams, and e-mail policy violations.
Below, you can see the spam distribution model of Win32/Lethic:
You can do more to protect your Internet experience by running a full AV solution, such as Microsoft Security Essentials, for real-time protection.