Virus Hoax Info

VIRUS vs. HOAX

EXCERPT FROM CIAC SITE ON INTERNET VIRUSES AND HOAXES

How to Identify a Hoax

There are several methods to identify virus hoaxes, but first consider what makes a successful hoax on the Internet. There are two known factors that make a successful virus hoax:
(1) Technical sounding language.
(2) Credibility by association.
If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to who sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.

Individuals should also be especially alert if the warning urges you to pass it on to your friends. This should raise a red flag that the warning may be a hoax. Another flag to watch for is when the warning indicates that it is a Federal Communications Commission (FCC) warning. According to the FCC, they have not and never will disseminate warnings on viruses. It is not part of their job.


Validate a Warning

CIAC recommends that you DO NOT circulate virus warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator or your computer incident advisory team. Real warnings about viruses and other network problems are issued by different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a team's web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes.

Another area of concern is Internet chain letters that may or may not be true. For more information on Internet chain letters, reference http://www.cio.energy.gov/cybersecurity/chainmail.htm.



What to Do When You Receive a Warning

Upon receiving a warning, you should examine its PGP signature to see that it is from a real response team or antivirus organization. To do so, you will need a copy of the PGP software and the public signature of the team that sent the message. The CIAC signature is available at the CIAC home page: http://ciac.llnl.gov/ciac/index.html. You can find the addresses of other response teams by connecting to the FIRST web page at: http://www.first.org.

If there is no PGP signature, see if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus. If he/she is passing on a rumor or if the address of the person does not exist or if there are any questions about the authenticity of the warning, do not circulate it to others. Instead, send the warning to your computer security manager or your incident response team and let them validate it. When in doubt, do not send it out to the world.

In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. Checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300 since there is no released version 3 of PKZip.

Another useful web site is the "Computer Virus Myths home page" (http://vmyths.com/) which contains descriptions of several known hoaxes. In most cases, common sense would eliminate Internet hoaxes.


HERE'S A GOOD SAMPLE: We (scottsbt.com) received this much-forwarded e-mail on 3/9/99. It originated 3/5/99 and quotes IBM (as having released info 3/4/99 in the morning) and AOL as sources of news releases on a new virus, "It Takes Guts to Say Jesus". This bugger uses all the tricks described above! I personally went on both the IBM Virus Alert Warnings and AOL sites, and there was no report issued on the date specified! IBM's last one was Jan 24, 99!
Subject: new virus warning
Date: Friday, March 05, 1999 11:04 AM
new virus warning
VIRUS WARNING
If you receive an email titled "It Takes Guts to Say 'Jesus" DO NOT open it. It will erase everything on your hard drive. Forward this letter out to as many people as you can. This is a new, very malicious virus and not many people know about it. This information  was announced yesterday morning from IBM; please share it with everyone that might access the Internet. Once again, pass this along to EVERYONE in your address book so that this may be stopped. Also, do not open or even look at any mail that says RETURNED OR UNABLE TO DELIVER. This virus will attach itself to your computer components and render them useless. Immediately delete any mail items that say this. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time. Please practice cautionary measures and forward this to all your online friends ASAP.

AGAIN-----THERE WAS NO VALIDATION OF THIS VIRUS!!!!!!!
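
The indicators from the CIAC excerpt, checked against the sample hoax above, as an added example that is not part of the CIAC text or the original page. The indicator names, the regular expressions and the signed advisory are assumptions made for illustration.

```python
import re

# Indicators follow the CIAC criteria quoted on this page; the regexes are
# illustrative assumptions, not a rule set published by CIAC.
INDICATORS = {
    "urges_forwarding": re.compile(
        r"forward this|pass (this|it) (along|on)|share it with everyone", re.I),
    "authority_name_drop": re.compile(
        r"\b(IBM|AOL|FCC|Federal Communications? Commission)\b"),
    "catastrophic_claim": re.compile(
        r"erase everything|render them useless|no remedy|damage the processor", re.I),
    "pseudo_technical": re.compile(r"nth-complexity|infinite binary loop", re.I),
}
# Clearsign armor only shows that a signature is present; it must still be
# verified with PGP software against the response team's public key.
PGP_ARMOR = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----.*?-----BEGIN PGP SIGNATURE-----"
    r".*?-----END PGP SIGNATURE-----", re.S)
# A named originator normally comes with an address or phone number to check.
CONTACT = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+|\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")

def hoax_indicators(text):
    """Return the sorted names of the hoax indicators found in a warning."""
    found = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if not PGP_ARMOR.search(text):
        found.append("no_pgp_signature")
    if not CONTACT.search(text):
        found.append("no_originator_contact")
    return sorted(found)

def triage(text):
    """Map a warning to the next step the CIAC guidance calls for."""
    if PGP_ARMOR.search(text):
        return "verify-signature"      # check it against the team's key
    return "escalate-do-not-forward"   # hand to security manager / IR team

# Excerpt of the sample hoax shown above.
SAMPLE_HOAX = (
    "If you receive an email titled \"It Takes Guts to Say 'Jesus\" DO NOT open it. "
    "It will erase everything on your hard drive. Forward this letter out to as "
    "many people as you can. This information was announced yesterday morning "
    "from IBM. AOL has said that this is a very dangerous virus and that there "
    "is NO remedy for it at this time.")
# Constructed clearsigned advisory; the signature body is a placeholder.
SIGNED_ADVISORY = (
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
    "Advisory (constructed). Contact: csirt@example.org\n"
    "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    for msg in (SAMPLE_HOAX, SIGNED_ADVISORY):
        print(triage(msg), hoax_indicators(msg))
```
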


HOAX AND VIRUS INFO SITES:
 

HOAX WARNING SITES:
VIRUS WARNINGS:
U.S. DEPT OF ENERGY COMPUTER INCIDENT ADVISORY CAPABILITY (CIAC) <==== AOL relies on US Dept. of Energy site for their warnings
Computer Virus Myths Homepage (ROB ROSENBERGER)
IBM AntiVirus Research
http://www.snopes.com/
Symantec AntiVirus Research

Simple solution: "Thar' Aint None"
Be wary of running any downloaded .exe file from an unknown source!
Check the warning sites before you pass on any e-mail warning.

