The Internet is constantly being flooded with information
about computer viruses and Trojans. However, interspersed among
real virus notices are computer virus hoaxes. While these hoaxes
do not infect systems, they are still time-consuming and costly
to handle. The Computer Incident Advisory Capability (CIAC)
is spending much more time debunking hoaxes than
handling real virus incidents. For details on the most current virus
hoaxes and other computer "incidents", go to the CIAC
website (http://ciac.llnl.gov).
Most of the material on this page was taken from this website.
You should not spread unconfirmed warnings about viruses
and Trojans. If you receive an unvalidated warning, don't pass
it to all your friends; validate it first. Validated warnings
from the incident response teams and anti-virus vendors have
valid return addresses and are usually PGP signed with the organization's
key.
CIAC ALWAYS recommends that software downloaded onto a computer
from any source (BBS, e-mail attachment, floppy, web) be scanned
with anti-virus software prior to being run. Note that most
anti-virus software does not detect Trojans, so it is important to
know where your software came from before executing it.
You can help eliminate "junk mail" by learning
how to identify a new hoax warning, how to identify a valid warning
and what to do if you think a message is a hoax.
Some currently circulating hoaxes:
PKZ300 | Irina | Good Times | Naughty Robot | AOL4FREE |
PENPAL GREETINGS! | Deeyenda | Make Money Fast |
Bud Frogs Screen Saver | Ghost | Disney Giveaway Hoax |
Internet Access Charge | Join the Crew | AOL V4.0 Cookie |
Bill Gates Hoax | Death Ray | A.I.D.S. Hoax | Internet Cleanup Day |
WIN A HOLIDAY | AOL Riot June 1, 1998 | E-mail or get a Virus
How to Identify a Hoax
There are several methods to identify virus hoaxes, but first
consider what makes a successful hoax on the Internet. Two
known factors make a virus hoax successful:
(1) technical-sounding language, and (2) credibility by
association. If the warning uses the proper technical jargon,
most individuals, including technologically savvy individuals,
tend to believe the warning is real. For example, the Good Times
hoax says that "...if the program is not stopped, the computer's
processor will be placed in an nth-complexity infinite binary
loop which can severely damage the processor...". The first
time you read this, it sounds like it might be something real.
With a little research, you find that there is no such thing
as an nth-complexity infinite binary loop and that processors
are designed to run loops for weeks at a time without damage.
When we say credibility by association we are referring to
who sent the warning. If the janitor at a large technological
organization sends a warning to someone outside of that organization,
people on the outside tend to believe the warning because the
company should know about those things. Even though the person
sending the warning may not have a clue what he is talking about,
the prestige of the company backs the warning, making it appear
real. If a manager at the company sends the warning, the message
is doubly backed by the company's and the manager's reputations.
Individuals should also be especially alert if the warning
urges you to pass it on to your friends. This should raise a
red flag that the warning may be a hoax. Another flag to watch
for is when the warning indicates that it is a Federal Communications
Commission (FCC) warning. According to the FCC, they have not
and never will disseminate warnings on viruses. It is not part
of their job.
Validate a Warning
CIAC recommends that you DO NOT circulate virus warnings
without first checking with an authoritative source. Real warnings
about viruses and other network problems are issued by different
response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally
signed by the sending team using PGP. If you download a warning
from a team's web site or validate the PGP signature, you can
usually be assured that the warning is real. Warnings without
the name of the person sending the original notice, or warnings
with names, addresses and phone numbers that do not actually
exist are probably hoaxes.
Another area of concern is Internet chain letters that may
or may not be true. For more information on Internet chain letters,
go to http://ciac.llnl.gov/ciac/CIACChainLetters.html.
What to Do When You Receive a Warning
Upon receiving a warning, you should examine its PGP signature
to see that it is from a real response team or anti-virus organization.
To do so, you will need a copy of the PGP software and the public
key of the team that sent the message. The CIAC key
is available at the CIAC home page: (http://ciac.llnl.gov/).
You can find the addresses of other response teams by connecting
to the FIRST web page at: http://www.first.org.
If there is no PGP
signature, see if the warning includes the name of the person
submitting the original warning. Contact that person to see if
he/she really wrote the warning and if he/she really touched
the virus. If he/she is passing on a rumor, or if the address
of the person does not exist, or if there are any questions about
the authenticity of the warning, do not circulate it to others.
Instead, send the warning to your computer security manager or
your incident response team and let them validate it. When in
doubt, do not send it out to the world.
In addition, most anti-virus companies have a web page containing
information about most known viruses and hoaxes. You can also
call or check the web site of the company that produces the product
that is supposed to contain the virus. Checking the PKWARE site
for the current releases of PKZip would stop the circulation
of the warning about PKZ300 since there is no released version
3 of PKZip. Another useful web site is the "Computer Virus
Myths home page" (http://www.kumite.com/myths/)
which contains descriptions of several known hoaxes. In most
cases, common sense would eliminate Internet hoaxes.
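The red flags and triage steps described above, as an added Python
example (not CIAC's code and not part of the original page). The phrase
list, function names and both sample messages are constructed for
illustration; finding PGP markers only means there is a signature to
check, not that it is valid.

```python
import re

# Wording that urges mass forwarding, which the page treats as a red flag.
# This phrase list is an assumption for the example, not an exhaustive set.
FORWARD_RE = re.compile(
    r"\b(pass (this|it) (on|along)|forward (this|it) to|send (this|it) to (all|every))",
    re.IGNORECASE)
# Attribution to the FCC, which according to the page never issues virus warnings.
FCC_RE = re.compile(r"\bFCC\b|Federal Communications? Commission", re.IGNORECASE)

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample messages (not real warnings, not a real signature).
HOAX_SAMPLE = ("The FCC warns of a new virus that destroys your processor.\n"
               "Pass this on to all your friends!")
SIGNED_SAMPLE = "\n".join([BEGIN_MSG, "Hash: SHA1", "", "Constructed advisory text.",
                           BEGIN_SIG, "", "(placeholder, not a real signature)", END_SIG])


def has_clearsign_block(text):
    """True if the three clearsign markers appear on their own lines, in order."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start + 1)
        lines.index(END_SIG, sig + 1)
    except ValueError:
        return False
    return True


def triage(text):
    """Return (flags, action) for a received virus warning."""
    flags = []
    if FORWARD_RE.search(text):
        flags.append("urges-forwarding")
    if FCC_RE.search(text):
        flags.append("claims-fcc-origin")
    if has_clearsign_block(text):
        # Markers alone prove nothing, since anyone can paste them. The signature
        # must still be verified (e.g. gpg --verify) against the team's public key.
        return flags, "verify-signature-with-team-key"
    flags.append("no-pgp-signature")
    return flags, "do-not-circulate; send to security manager or response team"
```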