-
July 19th, 2002, 06:25 AM
#1
I Spy A Virus Hoax
since i regularly get emails telling me of impending disaster...and i'm sure you do as well, i offer a short tut on how to spot a hoax.
virus hoaxes are quite prevalent and are a form of social engineering. they rely on fear and misinformation to spread. many of these types of things are spread by well meaning but uninformed users (your dad, your sister and that helpful person on that listserv you belong to who mails all 9000 users)
many of these hoaxes are fairly innocuous but they can cause several problems. the first is that some hoaxes actually call for you to delete actual OS system files. (sulfnbk.exe is the most "popular" hoax of this type.) the next problem is that many users are fooled by a hoax, find out about it and then tend to discount the true dangers of malware. the worst problem is that some clever malware writers have taken advantage of hoaxes and written true malware which takes advantage of previously harmless hoaxes by attaching malicious code to a "hoax" email.
how to tell
The Urgency Factor
or as i sometimes call it the exclamation ratio. count the number of !!!!! in your warning mail. anything over one should raise alarms. example..this is the most destructive virus ever!!!!...
Exploding Computer Syndrome
many hoaxes offer dire warnings of critical hardware damage when in fact almost no malware actually does physical damage to a system (CIH being a notable exception...)
Pseudo-Credible Source
often hoax writers will add an apparently reliable source which on closer inspection is false. many hoaxes contain "in an announcement by {IBM, AOL, Microsoft}"...none of these sources generally make statements on malware but for the average user, if they feel that a message has the credibility of a microsoft, it must be true. the same doesn't necessarily apply for a real announcement from kaspersky or symantec, which are far less household names.
Pass-It-On
a major clue is the line, "forward this to everyone you know" this is the key to the propagation of a hoax and is usually the dead giveaway...
conclusion
we've all heard the saying if it seems too good to be true, it probably is. my thought for the day when it comes to virus warnings...if it seems too bad to be true it probably isn't...if you experience any of these symptoms head to your nearest av vendor website and check out the hoax section...and send the person who sent you the hoax the link as well with a note that tells them to check before passing these things on. you'll do us all a favor.
EDIT:
ok...ok...i was too lazy last night but here's a list of links...
Kaspersky - http://www.viruslist.com/eng/index.html?tnews=1005
McAfee - http://vil.nai.com/VIL/hoaxes.asp
Sophos - http://www.sophos.com/virusinfo/hoaxes/
Symantec - http://sarc.com/avcenter/hoax.html
TrendMicro - http://www.trendmicro.com/vinfo/hoaxes/hoax.asp
CA - no specific page but search for hoax
and of course www.vmyths.com ...(except they've got waaay too many pop up ads these days...)
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
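The four indicators from the tutorial above, turned into a small message triage check. This is an added example, not part of the original post; the phrase lists, the `likely_hoax` policy and the first two sample messages are constructed assumptions (the third sample is the "Amish virus" text quoted later in the thread).

```python
import re

FLAGS = re.I | re.S
SOURCE = r"(IBM|AOL|Microsoft)"                          # names the post lists
SAID = r"(announce\w*|warn\w*|confirm\w*|according to)"  # assumed wording

# One regex per indicator; phrase lists are assumptions, not a vetted ruleset.
PATTERNS = {
    "exploding_computer": re.compile(
        r"\b(destroy|fry|burn|melt|overheat)\w*\b.{0,40}"
        r"\b(hard ?drive|hard ?disk|motherboard|processor|monitor|hardware)\b",
        FLAGS),
    "pseudo_credible_source": re.compile(
        rf"\b{SAID}\b.{{0,40}}\b{SOURCE}\b|\b{SOURCE}\b.{{0,40}}\b{SAID}\b",
        FLAGS),
    "pass_it_on": re.compile(
        r"\b(forward|send|pass)\b.{0,30}"
        r"\b(everyone|everybody|address book|all (of )?your (friends|contacts))\b",
        FLAGS),
}

def hoax_indicators(text):
    """Return the sorted names of the post's hoax indicators found in text."""
    hits = {name for name, rx in PATTERNS.items() if rx.search(text)}
    if text.count("!") > 1:      # "anything over one should raise alarms"
        hits.add("urgency")
    return sorted(hits)

def likely_hoax(text, threshold=2):
    """Assumed policy: pass-it-on alone is enough, else need `threshold` hits."""
    hits = hoax_indicators(text)
    return "pass_it_on" in hits or len(hits) >= threshold

# Constructed sample messages (not real mail).
HOAX_SAMPLE = ("WARNING!!!! In an announcement by Microsoft yesterday, this is "
               "the most destructive virus ever!!!! It will physically burn out "
               "your hard drive. Forward this to everyone you know!")
ADVISORY_SAMPLE = ("W32/Example-A is a mass-mailing worm that spreads via e-mail "
                   "attachments. Update your antivirus signatures; details are "
                   "on the vendor advisory page.")
# Text of the "Amish virus" joke as quoted in this thread.
AMISH_SAMPLE = ("Please delete all the files from your hard drive and manually "
                "forward this virus to everyone on your mailing list.")

if __name__ == "__main__":
    for msg in (HOAX_SAMPLE, ADVISORY_SAMPLE, AMISH_SAMPLE):
        print(likely_hoax(msg), hoax_indicators(msg))
```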
-
July 19th, 2002, 06:56 AM
#2
I would only add to this by saying if you work and your Admin sends out a warning not to forward out the warning to everyone in your address book. Most sys admins are on top of what is going on and are taking corrective action against a known virus and forwarding these types of things wastes their time and resources.
I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg
-
July 19th, 2002, 07:03 AM
#3
Thanx Zigar, if you don't mind, I think that I might forward your post to my "well meaning but uninformed mum and dad".
SoggyBottom.
There were so many fewer questions when the stars were still just the holes to heaven - JJ
I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
-
July 19th, 2002, 08:21 AM
#4
Junior Member
It's always worth checking www.vmyths.com, they have a weekly chart of the most common hoaxes.
Thank god it's Friday
-
July 19th, 2002, 08:27 AM
#5
Good post, zigar. Accounting scandals, voter fraud, M$ admitting they can't compete with free, and now false virus alerts.....world seems to be headed for hell in a handbasket these days. LOL
Al
It isn't paranoia when you KNOW they're out to get you...
-
July 19th, 2002, 01:53 PM
#6
Zigar> Don't forget the ever popular "Microsoft and McCaffee did xxx YESTERDAY" I always love seeing the ones that give a day of the week, but no actual date. I actually had a small hoax collection going back in college (96/97) for something to do when I was bored. Anyway, I got a message a few weeks ago that had the YESTERDAY thing that I had in my collection. I was amazed the message stayed around that long.
Oh yeah, and everyone make sure you turn off your computers this weekend, because on Saturday, Japan is releasing 6 giant internet cleaning robots because of all the garbage out there. Any machine that is on will be completely erased....
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
July 19th, 2002, 03:02 PM
#7
Junior Member
Nice tut Zigar. For anyone who wants it, you can always check a hoax or urban legend at www.scambusters.org. That's one site I send people to who send me hoaxes or legend mail. I've also made it a habit of sending that site link to those few people who use my mail service (as part of the Welcome letter, I provide a list of informative links - McAfee, Norton, McAfee's AVERT, ScamBusters, and a few others). As they say, forewarned is fair-warned :-)
Just finished a 2 part Linux firewalling tutorial using Firestarter (basic and advanced customization) .....
-
July 19th, 2002, 03:07 PM
#8
LOL...here's a little funny story. My ex-husband sent those things on almost a daily basis to about 50 people. Finally his father got sick of it, and emailed all the people he had emailed with the page from www.vmyths.com and pointed out that it was a hoax, and that all of the ones he had emailed had been hoaxes also. Guess the embarrassment was too much, because I haven't received any since then...it was funny.
Deb
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
-
July 19th, 2002, 03:19 PM
#9
Hoax Busters is the one i use most often.
i was always a big fan of the amish virus.
You have just received the Amish virus. Because we don't have any computers, or programming experience, this virus works on the honor system. Please delete all the files from your hard drive and manually forward this virus to everyone on your mailing list. Thank you for your cooperation.
just like water off a duck's back... I AM HERE.
for CMOS help, check out my CMOS tut?
-
July 19th, 2002, 06:39 PM
#10
Junior Member
Thanks Zigar,
Most of the time I don't even read those emails, they go directly to the trash; however, I might start reading them looking for the clues that you mentioned in your tutorial.