A friend of mine recently sent me --along with about thirty other people and newsgroups-- yet another one of those wonderful
Forwarded Email hoaxes. This one was about a computer virus that was so woefully fake I felt sorry for anyone who recieved it. So I set about writing a list of rules on how to tell if one has recieved a virus hoax email along with an example of a
hoax virus. Thus I present...
The Protocols of Hoax Virii
Virus hoax emails will invariably display several of these qualities.
- "Microsoft has issued a statement saying..." - This one is the biggest tipoff. Microsoft doesn't issue statements about viruses. Antivirus places will issue statements, but not Microsoft.
- "...erases your hard drive." - This one is explained later on, but it's a clear indicator.
- "...the White House issued a statement about..." - Another line of crap. There are only a couple of viruses that the government has ever given a public statement on that I can remember. One was Melissa, the first really horrible virus. The other was Code Red. In these instances, the White House doesn't say anything. The Pentagon might issue a statement about it, but keep in mind that if a virus was bad enough that the Pentagon issued a statement on it, you would have already heard about it in the newspapers, on TV, from office gossip, or from your IT department.
- "...passes through the phone line/electrical line/water pipe/static electricity..." - This one might sound like pure idiocy, but there are those who simply don't know how these things get transferred. I've actually seen reputable magazines write articles give claim that if you get a computer virus that you should unplug your toaster, or keep your cellphone away from the machine. Folks, viruses/worms/trojans only attack computers, in the simplest terms, the kind you sit down and use, and even then it has to be exposed somehow, be it email, a floppy disk, or so forth. The computer chip in your car is not going to get the Code Red virus even if you left your engine sitting in a pile of infected hard drives. The explaination of just what a virus can infect is a little more complex, but if you need someone to explain what a real versus a fake virus warning is, you need not be concerned with the details.
- "...send this to everyone you know..." - explained later.
- "...a friend of mine got this virus..." - explained later.
- The Virus in question has no name - If the entire email doesn't mention a name for the virus, like Nimda, or Code Red, etc... then it's probably a hoax. Viruses have names, it's how those who write them get their notoriety. The people who write these buggers have little else to brag about in life than the fact they wrote a virus and ruined some poor Joe's computer. They will name it. If it's not really apparent what the name is, then the Antivirus sites will name it.
- The details on what it does are kinda vague - explained later.
- The original sender's email cannot be verified - if you scroll to the very bottom right before the message, and look at who originally sent this thing, chances are the address is either no longer valid, or it is a an anonymous email account such as hotmail or yahoo. This is because the person who starts these hoaxes knows that they are mass mailing a bunch of BS, and breaking the law.
If you have recieved a hoax I ask on behalf of
network administrators everywhere that you not forward virus warnings to others as a courtesy, because it's spam, and generates unneccesary worry about a hoax. If any of you feel the need to send these hoaxes anyway, then there is a special spot for you reserved in
Hell. For I detest
Chain Letters. Especially ones that masquerade as something legit. And a fake virus warning is nothing but a sneaky chain letter.
Here's an example of a hoax virus email. The address is, of course, a fake, but is left in there so you can see what I'm talking about.
)From: Susan Farrington
).59730.qmail@web13101.mail.yahoo.com>
)
)
)Sent: Monday, October 15, 2001 3:32 PM
)Subject: Fw: Attention all Internet Users
)
)
) Attention all Internet Users:
) This looks like a bad one that's coming. Forward
)this to others. Please read and forward to everyone
)you know......
) DO NOT OPEN: "NEW PICTURES OF FAMILY". It is a
)virus that will erase your whole "C" drive.
) It will come to you in the form of a E-mail from a
)familiar person. I repeat a friend sent it to me,
)but called & warned me before I opened it.
) He was not so lucky and now he can't even start
)his computer! Copy and paste this into an e-mail
)to everyone in your address book. I
) would rather receive this 25 times than not at
)all. Also: Intel announced that a new and very
)destructive virus was discovered recently. If you
) receive an email called "FAMILY PICTURES," do not
)open it. Delete it right away!
) This virus removes all dynamic link libraries
)(.dll files) from your computer. Your computer
)will not be able to boot
A whole bunch of dookie. Anyways, on with the debunking of this sample email...
"...this to others. Please read and forward to everyone
you know..."
Anyone who has had email for more than a week should recognize this as a standard line from
a chain letter. These virus hoaxes are pleas for attention from whomever originated them. Well-meaning souls
forward them on, thinking they will help others. What it really is, however, is just another form of chain letter with a couple of buzz words thrown in. If you ever get an email about a REAL virus, it will be from your IT department at work, or from someone you know that works and just got hit with it personally. By that time it will already be on the
Norton Antivirus site, the
McAffee site, the news, and so on. If it didn't come from them, it ain't real, or your virus protection is good enough to declassify it and make it a
non-issue.
"...DO NOT OPEN: "NEW PICTURES OF FAMILY". It is a virus that will erase your whole "C" drive..."
Okay, this is another
red flag when reading about any virus. Folks, viruses
don't erase your hard drive. They...just...don't.
Anti-Virus software out
there has every single permutation that would allow for a format, or an erase,
or so forth. It doesn't matter how it tries, a virus cannot erase your hard
drive unless you have zero
virus-protection whatsoever. Even then, it's a stretch
because these viruses are so easily contained by everyone, plus the
exchange server or
apache server that is handling delivery of your email, that it never makes it
further than 50 machines. Ever. If you don't believe me, then do your own
research at the
Symmantec web site.
http://www.symantec.com/avcenter
"...familiar person. I repeat a friend sent it to me, but called & warned me before I opened it..."
Geeee... no name for this friend. No email to verify his claim. No number to
call. No mention of his occupation? Not to insult anyone here, but unless you
work on these sorts of things for a living, you won't know -which- email
caused it to happen because Viruses don't release their payload (the bad things)
until afterward, usually the next reboot. If it's a stealthy
bugger then you
probably won't know for several weeks or months. By then, the virus will have
infected whoever it's going to anyway, then die off.
"...his computer! Copy and paste this into an e-mail to everyone in your address book. I would rather receive this 25 times than not at all. Also: Intel announced that a new and very
Okay, remember the Chain Letter paragraph earlier? Remember the desperate cry for
attention I mentioned earlier? THIS IS THE GOAL OF EVERYONE WHO ORIGINATES THESE
HOAXES. They
WANT to get this thing back as many times as they can for some sort
of sick need to accomplish something while not resorting to something as unpleasant
as getting a job. They
WANT their name and email address to get spread around so
that they can get some email, because no one will send them email otherwise. Or they want
to see how long it takes for the story to circle back around to a different account of theirs (a real one).
There's also a sick bit of irony here. Most virii spread themselves via email. They fire
off an email to everyone in the address book to "survive". Effectively, all Susan has done
is create a virus that "made you look" and you are the willing engine of this ChainMail virus
as you helpfully forward it off to everyone you know.
It gets worse however. You send one of these "Virus Warning" email originators a letter like "Gee, thanks, you
really know your stuff! How else can I protect myself?" If it was a real email account after all, they might just say
"Oh, well, I have this cool program that helps out a lot, here, I'll send you a copy." then BOOM. You're infected with a
Trojan Horse (a program that looks benign but allows others remote
Administrator Level access to your computer --it means they can do bad things to your machine).
"...This virus removes all dynamic link libraries (.dll files) from your computer. Your computer will not be able to boot..."
Okay, now while a virus may certainly attempt this, it CAN'T remove
most DLLs because at any given time they are IN USE. However, I feel the need to
point out that earlier Susan said the virus "will erase your whole "C" drive".
Well, folks, removing the few DLLs that aren't in use could certainly cause your
machine not to boot up properly, or boot up but not allow certain programs to run properly,
it does not "erase your whole "C" drive". Nor is it totally unrecoverable. Usually just
installing Windows again will do the trick. Of course, thats for LEGITIMATE virus warnings,
and rest assured, if it's legit, you'll have either already been hit, or already been protected.
That's how these things work. The
Nimda Worm took down a good portion the 'Net in 2 days.
A friend of a friend of a friend of a friend "figuring it out", sending out a massive email
warning, and not providing any real details as to -exactly- what it does, what it affects, what
platforms are vulnerable, and so forth, is just blowing smoke.
I hope you all have come away from this learning something... The morale of the story is
"Chain Letters still exist, they've just changed their name to 'Virus Warnings'" and remember boys and girls,
Chain Letters are still illegal. As is
Spam.