Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: I Spy A Virus Hoax

  1. #1
    Senior Member
    Join Date
    Jan 2002

    I Spy A Virus Hoax

    since i regularly get emails telling me of impending disaster...and i'm sure you do as well, i offer a short tut on how to spot a hoax.

    virus hoaxes are quite prevalent and are a form of social engineering. they rely on fear and misinformation to spread. many of these types of things are spread by well meaning but uninformed users (your dad, your sister and that helpful person on that listserv you belong to who mails all 9000 users)

    many of these hoaxes are fairly innocuous but they can cause several problems. the first is that some hoaxes actually call for you to delete actual OS system files. (sulfnbk.exe is the most "popular' hoax of this type.) the next problem is that many users are fooled by a hoax, find out about it and then tend to discount the true dangers of malware. the worst problem is that some clever malware writers have taken advantage ofhoaxes and written true malware which takes advantage of previously harmless hoaxes by attaching malicious code to a "hoax" email.

    how to tell

    The Urgency Factor
    or as i sometimes call it the exclamation ratio. count the number of !!!!! in your warning mail. anything over one should raise alarms. example..this is the most destructive virus ever!!!!...

    Exploding Computer Syndrome
    many hoaxes offer dire warnings of critical hardware damage when in fact almost no malware actually does physical damage to a system (CIH being a noteable exception...)

    Pseudo-Credible Source
    often hoax writers will add an apparently reliable source which on closer inspection are false. many hoaxes contain "in an announcement by {IBM, AOL, Microsoft}"...none of these sources generally make statements on malware but for the average user, if they feel that a a message has the credibility of a microsoft, it must be true. the same doesn't necessarily apply for a real announcement from kapersky or symantec, which are far less household names.

    a major clue is the line, "forward this to everyone you know" this is the key to the propogation of a hoax and is usually the dead give away...

    we've all heard the saying if it seems too good to be true, it probably is. my thought for the day when it comes to virus warnings...if it seems seems too bad to be true it probably isn't...if you experience any of these symptoms head to your nearest av vendor website and check out the hoax section...and send the person who sent you the hoax the link as well with a note that tells them to check before passing these things on. you'll do us all a favor.


    ok...ok...i was too lazy last night but here's a list of links...

    Kapersky - http://www.viruslist.com/eng/index.html?tnews=1005
    McAfee - http://vil.nai.com/VIL/hoaxes.asp
    Sohpos - http://www.sophos.com/virusinfo/hoaxes/
    Symantec - http://sarc.com/avcenter/hoax.html
    TrendMicro - http://www.trendmicro.com/vinfo/hoaxes/hoax.asp
    CA - no specific page but search for hoax

    and of course www.vmyths.com ...(except they've got waaay too many pop up ads these days...)

    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member
    Join Date
    Apr 2002
    I would only add to this by saying if you work and your Admin sends out a warning not to forward out the waring to everyone in your address book. Most sys admins are on top of what is going on and are taking corrective action against a known virus and forwarding these type of things waste their time and resources.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Thanx Zigar, if you dont mind, I think that I might forward your post to my "well meaning but uninformed mum and dad".

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  4. #4
    Junior Member
    Join Date
    Jul 2002
    Its always worth checking www.vmyths.com , they have a weekly chart of the most common hoaxes.

    Thank god its Friday

  5. #5
    Old Fart
    Join Date
    Jun 2002
    Good post, zigar. Accounting scandals, voter fraud,M$ admitting they can't compete with free, and now false virus alerts.....world seems to be headed for hell in a handbasket these days. LOL
    It isn't paranoia when you KNOW they're out to get you...

  6. #6
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    Zigar> Don't forget the ever popular "Microsoft and McCaffee did xxx YESTERDAY" I always love seeing the ones that give a day of the week, but no actual date. I actually had a small hoax collection going back in college (96/97) for something to do when I was bored. Anyway, I got a message a few weeks ago that had the YESTERDAY thing that I had in my collection. I was amazed the message stayed around that long.

    Oh yeah, and everyone make sure you turn off your computers this weekend, because on Saturday, Japan is releaseing 6 giant internet cleaning robots because of all the garbage out there. Any machine that is on will be completely erased....
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  7. #7
    Junior Member
    Join Date
    Jul 2002
    NIce tut Zigar. For anyone who wants it, you can always check a hoax or urban legend at www.scambusters.org. Thats one site I send people to who send me hoaxes or legend mail. I've also made it a habit of sending that site link to those few people who use my mail service (as part of the Welcome letter, I provide a list of informative links - McAfee, Norton, McAfee's AVERT, ScamBusters, and a few others). As they say, forewarned is fair-warned :-)
    Just finished a 2 part Linux firewalling tutorial using Firestarter (basic and advanced customization) .....

  8. #8
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    LOL...here's a little funny story. My ex-husband sent those things on almost a daily basis to about 50 people. Finally his father got sick of it, and emailed all the people he had emailed with the page from www.vmyths.com and pointed out that it was a hoax, and that all of the ones he had emailed had been hoaxes also. Guess the embaressment was too much, because I haven't received any since then...it was funny.

    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  9. #9
    Senior Member
    Join Date
    May 2002
    Hoax Busters is the one i use most often.

    i was always a big fan of the amish virus.
    You have just received the Amish virus. Because we don't have any computers, or programming experience, this virus works on the honor system. Please delete all the files from your hard drive and manually forward this virus to everyone on your mailing list. Thank you for your cooperation.
    just like water off a duck\'s back... I AM HERE.

    for CMOS help, check out my CMOS tut?

  10. #10
    Junior Member
    Join Date
    Jun 2002
    Thanks Zigar,
    Most the time I don't even read those emails they got directly to the trash; however, I might start reading them looking for the clues that you mentioned in your tutorial.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts