Virus Hoax or Real?

How to know if it’s real or a virus hoax:
Internet ScamBusters #15

Internet ScamBusters™
By Audri and Jim Lanford
Copyright © Audri and Jim Lanford
Issue #15

We think you’ll find this issue very useful. We’ll begin with three quick takes…

Quick takes:

Unfortunately, more and more people seem to be spamming. In the past month, the amount of spam we’ve received has tripled from the previous month. Spam is growing from a major annoyance to a real problem. All of this spam is also taking its toll on Net traffic.

For example, our colleague, Gary Bowen, sent us an email last week that he had received four bulk emails from the writer of one of our favorite Internet marketing books. How disappointing! When he responded to the return address asking to remove him from the mailing list, his email requests bounced. Further, we hear more and more stories from people who are having dreadful results when they do send bulk emails (against our advice).

Our advice (again): Don’t spam!

Reducing spam:

We haven’t tried this approach, but it may be worth checking out: Bigfoot Partners, LP, announced last week that they are offering email users free access to their Anti-Spam Defense System, which blocks unwanted junk mail messages.

"E-mail users can block spam simply by subscribing to the Bigfoot Anti-Spam Defense System at the Bigfoot site http://www.bigfoot.com/ Unlike other closed filtering services, Bigfoot provides the only universal anti-spam protection available to all e-mail users regardless of their online service or Internet service provider, (ISP)."


Here’s an interesting article from cnet that shows (not surprisingly):

Net investment scam artists growing in number as Net grows.

Visit http://www.news.com/News/Item/0,4,11044,00.html

Problem:
Many so-called deadly email viruses are just hoaxes.

We get *lots* of questions asking us about specific computer viruses… and whether or not they are real threats or merely hoaxes. In fact, just this week we’ve been asked about five such viruses: AOL4FREE, Deeyenda, PENPAL GREETINGS!, PKZ300, and NaughtyRobot.

We recently found a Web site where you can get information on the latest computer virus hoaxes. The Department of Energy Computer Incident Advisory Capability (CIAC — don’t you just love the names?) and HoaxBusters maintain a very good site where you can find the latest information on Internet computer virus hoaxes: http://HoaxBusters.ciac.org/

The CIAC writes:

"The Internet is constantly being flooded with information about computer viruses and Trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are still time consuming and costly to handle. At CIAC, we find that we are spending much more time debunking hoaxes than handling real virus incidents."

Here’s an example: The Deeyenda Virus Hoax

(This is from the CIAC Web site)

The following "Deeyenda" virus warning is a hoax. CIAC has received inquiries regarding the validity of the Deeyenda virus. The warnings are very similar to those for Good Times, stating that the FCC issued a warning about it, and that it is self-activating and can destroy the contents of a machine just by being downloaded. Users should note that the FCC does not and will not issue virus or Trojan warnings. It is not their job to do so. As of this date, there are no known viruses with the name Deeyenda in existence. For a virus to spread, it must be executed. Reading a mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. CIAC still affirms that reading E-mail, using typical mail agents, can not activate malicious code delivered in or with the message.

>>>>>>>>>> Remember: Below is a HOAX <<<<<<<<<<

**********VIRUS ALERT**********

VERY IMPORTANT INFORMATION, PLEASE READ!

There is a computer virus that is being sent across the Internet. If you receive an email message with the subject line "Deeyenda," DO NOT read the message, DELETE it immediately!

Some miscreant is sending email under the title "Deeyenda" nationwide, if you get anything like this DON’T DOWNLOAD THE FILE! It has a virus that rewrites your hard drive, obliterates anything on it. Please be careful and forward this e-mail to anyone you care about.

Please read the message below.

Alex

———–

FCC WARNING!!!!!
DEEYENDA PLAGUES INTERNET

The Internet community has again been plagued by another computer virus. This message is being spread throughout the Internet, including USENET posting, EMAIL and other Internet activities. The reason for all the attention is because of the nature of this virus and the potential security risk it makes. Instead of a destructive Trojan virus (like most viruses!), this virus referred to as Deeyenda Maddick, performs a comprehensive search on your computer, looking for valuable information, such as email and login passwords, credit cards, personal info, etc.

The Deeyenda virus also has the capability to stay memory resident while running a host of applications and operation systems, such as Windows 3.11 and Windows 95. What this means to Internet users is that when a login and password are sent to the server, this virus can copy this information and SEND IT OUT TO UNKNOWN ADDRESSES (varies).

The reason for this warning is because the Deeyenda virus is virtually undetectable. Once attacked your computer will be unsecure. Although it can attack any O/S this virus is most likely to attack those users viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet Explorer 3.0+ which are running under Windows 95). Researchers at Princeton University have found this virus on a number of World Wide Web pages and fear its spread. Please pass this on, for we must alert the general public of the security risks.

………………………………………………………………….

>>>>>>>>>> Remember: Above is a HOAX <<<<<<<<<<

However, to make things more complicated, sometimes there is an element of truth to some of the computer virus hoaxes. Take, for example, AOL4FREE. Here’s the scoop (again from the CIAC Web site).

………………………………………………………………….

AOL4FREE

AOL4FREE actually consists of three separate, independent items:

A. The AOL4FREE Macintosh Program for gaining fraudulent accounts on AOL.

B. The AOL4FREE Virus Warning Hoax.

C. The AOL4FREE.COM Trojan horse program that deletes all the files on your hard drive.

A. The AOL4FREE Macintosh Program was originally written to provide illegal free access to America Online. In the March 1997 issue of the CSI Computer Security Alert the following statement was made concerning the creator of that program:

"A former Yale computer science student has pleaded guilty to defrauding America Online. AOL estimates it lost between $40,000 and $70,000 in service charges because the student distributed his computer program, AOL4FREE, to hundreds of other users."

Note that any attempt to use the original AOL4FREE.COM program may subject you to prosecution.

B. The second item is the AOL4FREE Virus Warning Hoax message. The following message has been circulating around the Internet, warning of a virus infected e-mail message:

>>>>>>>>>> Remember: Below is a HOAX <<<<<<<<<<

************************************************

VIRUS ALERT!!! DON’T OPEN E-MAIL NOTING "AOL4FREE"

Anyone who receives this must send it to as many people as you can. It is essential that this problem be reconciled as soon as possible. A few hours ago, I opened an E-mail that had the subject heading of "AOL4FREE.COM." Within seconds of opening it, a window appeared and began to display my files that were being deleted. I immediately shut down my computer, but it was too late. This virus wiped me out. It ate the Anti-Virus Software that comes with the Windows ’95 Program along with F-Prot AVS. Neither was able to detect it. Please be careful and send this to as many people as possible, so maybe this new virus can be eliminated.

**********************************************

>>>>>>>>>> Remember: Above is a HOAX <<<<<<<<<<

This message has several problems that identify it as a hoax.

1. A virus-like program cannot spread in an e-mail message. While an infected program could be attached to an e-mail message, the e-mail message itself cannot contain one in any form that could be executed.

2. A virus or Trojan horse program cannot infect a system by simply being read. The current mail readers do not execute an e-mail message, they display it on the screen for you to read. You must take care when downloading an attachment to an e-mail message. In some mail readers you can double-click on the attachment icon to have it extracted and opened by whatever program created it. If that attachment is a program, it is downloaded and run, and running any program you have not scanned could cause you to be infected with a virus.

3. While this warning message is a hoax, the things it describes could be accomplished with a Trojan horse program. That Trojan horse could then be attached to an e-mail message and if the reader downloads and executes the Trojan horse program, it could do the damage described in this message. In fact, someone has done that as is explained below.

C. The third item is the AOL4FREE.COM Trojan Horse. This program appears to be the AOL4FREE program that creates fraudulent AOL accounts (though it is a DOS program instead of a Macintosh program) but is actually a simple compiled DOS batch file that runs the DOS DELTREE command on the C: directory of a DOS/Windows machine. The DELTREE command deletes all files in a directory, including the directory itself and any subdirectories in that directory. The effect is to delete all files on the C: drive of a DOS/Windows machine. If you should come across this program from any source, do not run it. For more information see CIAC Bulletin H-47a: AOL4FREE.COM Trojan Horse Program Destroys Hard Drives.

CIAC ALWAYS recommends that software downloaded onto a computer from any source (BBS, e-mail attachment, floppy, web) be scanned with anti-virus software prior to being run. Note that most anti-virus software does not detect Trojans, so it is important to know where your software came from before executing it.
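The distinction CIAC draws above, between a warning message that is only hoax text and a message that actually carries a runnable attachment, can be checked mechanically. The following is an added example, not code from ScamBusters or CIAC: the trait patterns, the extension list, the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Hoax traits drawn from the CIAC commentary quoted on this page.
HOAX_TRAITS = {
    "harm_from_reading": re.compile(r"do\s?n.t\s+(read|open)|seconds of opening", re.I),
    "urges_forwarding": re.compile(
        r"\b(forward|send|pass) (this|it)\b.{0,40}?\b(anyone|as many|on)\b", re.I | re.S),
    "fcc_as_source": re.compile(r"\bFCC\b.{0,20}\bwarn", re.I | re.S),
}
# Assumed list of DOS/Windows extensions that run when opened (not from the page).
EXECUTABLE_EXT = (".com", ".exe", ".bat")

def triage(raw):
    """Classify one raw mail message: hoax wording vs. a runnable attachment."""
    msg = message_from_string(raw)
    text, risky = [msg.get("Subject", "")], []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXECUTABLE_EXT):
            risky.append(name)          # the real risk: a program someone may run
        elif not name and part.get_content_type() == "text/plain":
            text.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    body = "\n".join(text)
    traits = sorted(k for k, rx in HOAX_TRAITS.items() if rx.search(body))
    if risky:
        verdict = "executable-attachment"   # scan it and check its origin
    elif len(traits) >= 2:
        verdict = "likely-hoax"             # text only: do not forward
    else:
        verdict = "no-finding"
    return {"verdict": verdict, "traits": traits, "attachments": risky}

def sample(subject, body, attachment=None):
    """Build a constructed message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

HOAX = sample("VIRUS ALERT", 'If you receive an email with the subject line "Deeyenda,"\n'
              "DO NOT read the message!\nPlease forward this e-mail to anyone you care "
              "about.\nFCC WARNING!!!!!")
TROJAN = sample("AOL4FREE", "Program attached.", "AOL4FREE.COM")
```

`triage(HOAX)` reports `likely-hoax` with all three traits and no attachments, while `triage(TROJAN)` reports `executable-attachment` even though its text shows none of the hoax wording.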


Our recommendations:

First, if you receive a notice about a possible computer virus, check it out at the HoaxBusters CIAC Web site:
http://HoaxBusters.ciac.org/
Don’t spread it by simply sending it to other people. We suggest you bookmark this site.

For good information on genuine known computer viruses, check out: http://www.research.ibm.com/antivirus/index.htm

Finally, there are tens of thousands of real computer viruses out there, so use virus protection software. Although there is lots of good software, we use McAfee VirusScan on our PCs (which is a $65 program) and Virex (included with a .mac account) on our Macintoshes.

Visit McAfee at: http://www.mcafee.com/