THE REAL TRUTH

Hoax Information

PKZ300
Irina
Good Times
Good Times Spoof
Deeyenda
Ghost
PENPAL GREETINGS!
Make Money Fast
NaughtyRobot
AOL4FREE
Join the Crew
Death Ray
AOL V4.0 Cookie
A.I.D.S. Hoax
Internet Cleanup Day
Flesh Eating Bananas
Klingerman Virus
Bill Gates Hoax
Miller's Free Beer
Netscape-AOL Giveaway Hoax
GAP Giveaway Hoax
IBM Giveaway Hoax
Disney Giveaway Hoax
Ericsson/Nokia Phone Giveaway Hoax
WIN A HOLIDAY
AOL Riot June 1, 1998
E-mail or get a Virus
Bud Frogs Screen Saver
Blue Mountain Cards
Internet Access Charge
Geeks Bearing Gifts
Elf Bowling and Frogapult Hoax Chain Letter
Takes Guts to Say Jesus Hoax
E-mail Tax

 

The Internet is constantly being flooded with information about computer viruses and Trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are still time consuming and costly to handle. At CIAC, we find that we are spending much more time de-bunking hoaxes than handling real virus incidents. This page describes only a small number of the hoax warnings that are found on the Internet today. We will address some of the history of hoaxes on the Internet.

Users are requested not to spread unconfirmed warnings about viruses and Trojans. If you receive an unvalidated warning, don't pass it to all your friends; pass it to your computer security manager to validate first. Validated warnings from the incident response teams and antivirus vendors have valid return addresses and are usually PGP signed with the organization's key.


PKZ300 Warning

The PKZ300 Trojan is a real Trojan program, but the initial warning about it was released over a year ago. For information on the PKZ300 Trojan, see CIAC Notes issue 95-10, released in June of 1995, at http://ciac.llnl.gov/ciac/notes/Notes10.shtml. The warning itself, on the other hand, is gaining urban legend status. There have been extremely few sightings of this Trojan, and those appeared over a year ago. Even though the Trojan warning is real, the repeated circulation of the warning is a nuisance. Individuals who need the current release of PKZIP should visit the PKWare web page at http://www.pkware.com. CIAC recommends that you DO NOT recirculate the warning about this particular Trojan.

The following is the true warning about PKZ300 from the PKWare web site:

     !!! PKZIP Trojan Horse Version - (Originally Posted May 1995) !!!
     It has come to the attention of PKWARE that a fake version of PKZIP is being
     distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an official version from
     PKWARE and it will attempt to erase your hard drive if run. It attempts to
     perform a deletion of all the directories of your current drive. If you have
     any information as to the creators of this trojan horse, PKWARE would be
     extremely interested to hear from you. If you have any other questions about
     this fake version, please e-mail support@pkware.com

Irina Virus Hoax

The "Irina" virus warnings are a hoax. The former head of an electronic publishing company circulated the warning to create publicity for a new interactive book by the same name. The publishing company has apologized for the publicity stunt that backfired and panicked Internet users worldwide. The original warning claimed to be from a Professor Edward Prideaux of the College of Slavic Studies in London; there is no such person or college. However, London's School of Slavonic and East European Studies has been inundated with calls. This poorly thought-out publicity stunt was highly irresponsible. For more information pertaining to this hoax, see the UK Daily Telegraph at http://www.telegraph.co.uk. The original hoax message is as follows:

     FYI
     There is a computer virus that is being sent across the Internet.
     If you receive an e-mail message with the subject line "Irina", DO NOT
     read the message. DELETE it immediately.
     Some miscreant is sending people files under the title "Irina". If
     you receive this mail or file, do not download it. It has a virus
     that rewrites your hard drive, obliterating anything on it. Please be
     careful and forward this mail to anyone you care about.

     ( Information received from the Professor Edward Prideaux, College of
     Slavonic Studies, London ).


Good Times Virus Hoax

The "Good Times" virus warnings are a hoax. There is no virus by that name in existence today. These warnings have been circulating the Internet for years. The user community must become aware that it is unlikely that a virus can be constructed to behave in the manner ascribed in the "Good Times" virus warning.

CIAC first described the Good Times Hoax in CIAC NOTES 94-04c released in December 1994 and described it again in CIAC NOTES 95-09 in April 1995. More information is in the Good_Times FAQ (http://www-mcb.ucdavis.edu/info/virus.html) written by Les Jones.

The original "Good Times" message that was posted and circulated in November and December of 1994 contained the following warning:

	  Here is some important information. Beware of a file called Goodtimes.
     Happy Chanukah everyone, and be careful out there. There is a virus on
     America Online being sent by E-Mail. If you get anything called "Good Times",
     DON'T read it or download it. It is a virus that will erase your hard drive.
     Forward this to all your friends. It may help them a lot.

Soon after the release of CIAC NOTES 04, another "Good Times" message was circulated. This is the same message that is being circulated during this recent "Good Times" rebirth. This message includes a claim that the Federal Communications Commission (FCC) released a warning about the danger of the "Good Times" virus, but the FCC did not and will not ever issue a virus warning. It is not their job to do so. See the FCC Public Notice 5036. The following is the expanded "Good Times" hoax message:

	  The FCC released a warning last Wednesday concerning a matter of
     major importance to any regular user of the InterNet.  Apparently,
     a new computer virus has been engineered by a user of America
     Online that is unparalleled in its destructive capability.  Other,
     more well-known viruses such as Stoned, Airwolf, and Michaelangelo
     pale in comparison to the prospects of this newest creation by a
     warped mentality.

     What makes this virus so terrifying, said the FCC, is the fact that
     no program needs to be exchanged for a new computer to be infected.
     It can be spread through the existing e-mail systems of the
     InterNet. Once a computer is infected, one of several things can
     happen.  If the computer contains a hard drive, that will most
     likely be destroyed. If the program is not stopped, the computer's
     processor will be placed in an nth-complexity infinite binary loop
     - which can severely damage the processor if left running that way
     too long.  Unfortunately, most novice computer users will not
     realize what is happening until it is far too late.

Good Times Spoof

The following spoof of the Good Times hoax is too well done not to include here.

Written by Patrick J Rothfuss, December 1996
READ THIS:

	     Goodtimes will re-write your hard drive. Not only that, but
     it will scramble any disks that are even close to your computer. It
     will recalibrate your refrigerator's coolness setting so all your ice
     cream goes melty. It will demagnetize the strips on all your credit
     cards, screw up the tracking on your television and use subspace field
     harmonics to scratch any CD's you try to play.

	     It will give your ex-girlfriend your new phone number. It
     will mix Kool-aid into your fishtank. It will drink all your beer and
     leave its socks out on the coffee table when there's company coming
     over. It will put a dead kitten in the back pocket of your good suit
     pants and hide your car keys when you are late for work.

	     Goodtimes will make you fall in love with a penguin. It will
     give you nightmares about circus midgets. It will pour sugar in your
     gas tank and shave off both your eyebrows while dating your
     girlfriend behind your back and billing the dinner and hotel room to
     your Discover card.

	      It will seduce your grandmother. It does not matter if she
     is dead, such is the power of Goodtimes, it reaches out beyond the
     grave to sully those things we hold most dear.

	     It moves your car randomly around parking lots so you can't
     find it. It will kick your dog. It will leave libidinous messages on
     your boss's voice mail in your voice! It is insidious and subtle. It
     is dangerous and terrifying to behold. It is also a rather
     interesting shade of mauve.

	     Goodtimes will give you Dutch Elm disease. It will leave the
     toilet seat up. It will make a batch of Methanphedime in your bathtub
     and then leave bacon cooking on the stove while it goes out to chase
     gradeschoolers with your new snowblower.

	     Listen to me. Goodtimes does not exist.

	     It cannot do anything to you. But I can. I am sending this
     message to everyone in the world. Tell your friends, tell your
     family. If anyone else sends me another E-mail about this fake
     Goodtimes Virus, I will turn hating them into a religion. I will do
     things to them that would make a horsehead in your bed look like
     Easter Sunday brunch.

So there, take that Good Times.


Deeyenda Virus Hoax

The following "Deeyenda" virus warning is a hoax. CIAC has received inquiries regarding the validity of the Deeyenda virus. The warnings are very similar to those for Good Times, stating that the FCC issued a warning about it, and that it is self activating and can destroy the contents of a machine just by being downloaded. Users should note that the FCC does not and will not issue virus or Trojan warnings. It is not their job to do so. As of this date, there are no known viruses with the name Deeyenda in existence. For a virus to spread, it must be executed. Reading a mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. CIAC still affirms that reading E-mail, using typical mail agents, can not activate malicious code delivered in or with the message.

	     **********VIRUS ALERT**********


    VERY IMPORTANT INFORMATION, PLEASE READ!

    There is a computer virus that is being sent across the Internet.  If
    you  receive an email message with the subject line "Deeyenda", DO NOT
    read the message, DELETE it immediately!

    Some miscreant is sending email under the title "Deeyenda" nationwide,
    if you get anything like this DON'T  DOWNLOAD THE FILE!  It has a virus
    that rewrites your hard drive, obliterates anything on it.  Please be
    careful and forward this e-mail to anyone you care about.

    Please read the message below.

    Alex

    -----------

	     FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET

    The Internet community has again been plagued by  another computer
    virus.  This message is being spread throughout the Internet, including
    USENET posting, EMAIL, and other Internet activities.  The reason for
    all the attention is because of the nature of this virus and the
    potential security risk it makes.  Instead of a destructive Trojan
    virus (like most viruses!), this virus referred to as Deeyenda Maddick,
    performs a comprehensive search on your computer, looking for valuable
    information, such as email and login passwords, credit cards, personal
    inf., etc.

    The Deeyenda virus also has the capability to stay memory resident
    while running a host of applications and operation systems, such as
    Windows 3.11 and Windows 95.  What this means to Internet users is that
    when a login and password are sent to the server, this virus can copy
    this information and SEND IT OUT TO AN UNKNOWN ADDRESS (varies).

    The reason for this warning is because the Deeyenda virus is virtually
    undetectable.  Once attacked your computer will be unsecure.  Although
    it can attack any O/S this virus is most likely to attack those users
    viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet
    Explorer 3.0+ which are running under Windows 95).  Researchers at
    Princeton University have found this virus on a number of World Wide
    Web pages and fear its spread.

    Please pass this on, for we must alert the general public at the
    security risks.

Ghost.exe Warning

The Ghost.exe program was originally distributed as a free screen saver containing some advertising information for the author's company (Access Softek). The program opens a window that shows a Halloween background with ghosts flying around the screen. On any Friday the 13th, the program window title changes and the ghosts fly off the window and around the screen. Someone apparently got worried and sent a message indicating that this might be a Trojan. The warning grew until it said that Ghost.exe was a Trojan that would destroy your hard drive, and the developers got a lot of nasty phone calls (their names and phone numbers were in the About box of the program). A simple phone call to the number listed in the program would have stopped this warning from being sent out. The original ghost.exe program is just cute; it does not do anything damaging. Note that this does not mean that ghost could not be infected with a virus that does do damage, so the normal virus procedure of scanning it before running it should be followed.

PENPAL GREETINGS! Warning Hoax

The PENPAL GREETINGS! Hoax shown below appears to be an attempt to kill an e-mail chain letter by claiming that it is a self starting Trojan that destroys your hard drive and then sends copies of itself to everyone whose address is in your mailbox. Reading an e-mail message does not run it nor does it run any attachments, so this Trojan must be self starting. Aside from the fact that a program cannot start itself, the Trojan would also have to know about every different kind of e-mail program to be able to forward copies of itself to other people. This warning is totally a hoax.

	  FYI!

     Subject:  Virus Alert
     Importance:  High
     If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT
     reading it.  Below is a little explanation of the message, and what it would
     do to your PC if you were to read the message.  If you have any questions or
     concerns please contact  SAF-IA Info Office on 697-5059.

     This is a warning for all internet users - there is a dangerous virus
     propagating across the internet through an e-mail message entitled "PENPAL
     GREETINGS!".
     DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"
     This message appears to be a friendly letter asking you if you are
     interested in a penpal, but by the time you read this letter, it is too late.
     The "trojan horse" virus will have already infected the boot sector of your hard
     drive, destroying all of the data present.  It is a self-replicating virus,
     and once the message is read, it will AUTOMATICALLY forward itself to anyone
     whose e-mail address is present in YOUR mailbox!
     This virus will DESTROY your hard drive, and holds the potential to DESTROY
     the hard drive of anyone whose mail is in your inbox, and whose mail is in
     their inbox, and so on.  If this virus remains unchecked, it has the potential
     to do a great deal of DAMAGE to computer networks worldwide!!!!
     Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!
     And pass this message along to all of your friends and relatives, and the
     other readers of the newsgroups and mailing lists which you are on, so that
     they are not hurt by this dangerous virus!!!!

Make Money Fast Hoax Warning

The Make Money Fast Warning Hoax appears to be similar to the PENPAL GREETINGS! Warning in that it is a hoax warning message that is attempting to kill an e-mail chain letter. While laudable in its intent, the hoax warning has caused as many or more problems than the chain letter it is attempting to kill.


NaughtyRobot

Quite a few Web site administrators have received email messages that seem to be originating from the same machine hosting the Web site. The email headers are apparently being forged to hide the original sender of the message. The mail being received contains the following:

	    Subject: security breached by NaughtyRobot

       This message was sent to you by NaughtyRobot, an Internet spider that
       crawls into your server through a tiny hole in the World Wide Web.

       NaughtyRobot exploits a security bug in HTTP and has visited your host
       system to collect personal, private, and sensitive information.

       It has captured your Email and physical addresses, as well as your phone
       and credit card numbers.  To protect yourself against the misuse of this
       information, do the following:

	       1. alert your server SysOp,
	       2. contact your local police,
	       3. disconnect your telephone, and
	       4. report your credit cards as lost.

       Act at once.  Remember: only YOU can prevent DATA fires.

       This has been a public service announcement from the makers of
       NaughtyRobot -- CarJacking its way onto the Information SuperHighway.

The NaughtyRobot email message appears to be a hoax. There is no indication that any of the problems described in the body have taken place on any machine.


Join the Crew

Circulating the Internet is an email message entitled "Join the Crew". For a virus to spread, it must be executed. Reading a mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. CIAC still affirms that reading E-mail, using typical mail agents, can not activate malicious code delivered in or with the message.

	 IMPORTANT - VIRUS Alert!!!


	 Take note !

	 Someone got an email, titled as JOIN THE CREW.
	 It has erased his hard drive.
	 Do not open up any mail that has this title.
	 It will erase your whole hard drive.
	 This is a new email virus and not a lot of people know about it,
	 just let everyone  know, so they won't be a victim.

	 Please e-mail this to everyone you know!!!
	 Remember the title :	 JOIN THE CREW

Variants of this email message are circulating the Internet. If you receive an email message entitled "Join the Crew" and it has an attachment, CIAC recommends that you delete the message and the attachment. If you receive just the message, delete the message. Please DO NOT circulate unvalidated virus alerts.


Death Ray

The Death Ray Virus is a hoax. The following "Death Ray Virus" warning was reported in the Weekly World News and other publications. CIAC knows of no virus, or any computer program for that matter, that has caused physical damage to a computer or caused it to explode.

	     A deadly new computer virus that actually causes home computers to explode
	in a hellish blast of glass fragments and flame has injured at least 47
	people since August 15, horrifying authorities who say millions of people
	are risking injury, blindness or death every time they sit down to work at
	their PC!

	"Computer viruses of the past could disable your computer, but this virus
	goes a step further -- and can kill you," declared Martin Heriden, a
	computer expert who specializes in identifying computer viruses. "This
	virus doesn't carry the usual 'markers' that enable it to be detected.
	It slips through the cracks, so to speak.

	"It is an extremely complicated process. But suffice it to say that the
	virus affects the computer's hardware, creating conditions that lead
	to dangerous short circuits and power surges. The end result?
	Explosions -- powerful explosions. And millions of Internet users are
	at risk."

	The virus, nicknamed Death Ray by experts like Heriden, surfaced in England
	on August 1. A 24-year-old college student was permanently blinded
	when his 15-inch color monitor exploded in his face.

	"So how do you protect yourself? I wish I knew," said Heriden. "You
	either stop using the Internet or you take your chances until we can
	get a handle on this thing and get rid of it for good.

The A.I.D.S. Hoax

Circulating the Internet is an email message warning about an A.I.D.S. virus that destroys your computer. This warning is a hoax.

There are actually several real AIDS viruses and Trojan horses, but this warning message does not describe any of them.

This particular warning message (shown below) indicates that the virus comes in an e-mail message. While a virus may be in an attachment to an e-mail message, reading that message with a standard mail reader can not execute a virus. A virus in an attachment can not do anything until that attachment is executed, or in the case of a Word macro virus, the attached Word document is opened in Word. For this reason, CIAC recommends that you scan all executable programs and Word documents that were sent as attachments to e-mail messages before running or editing them.

The warning claims the virus destroys your actual hardware, such as memory, mouse, keyboard, and hard drive, all of which is impossible. Also notice that the author has not signed the message or given you any way to authenticate it, which is another strong indication of a hoax.

THERE IS A VIRUS GOING AROUND CALLED THE A.I.D.S VIRUS. IT WILL ATTACH
ITSELF INSIDE YOUR COMPUTER AND EAT AWAY AT YOUR MEMORY THIS MEMORY IS
IRREPLACEABLE. THEN WHEN IT'S FINISHED WITH MEMORY IT INFECTS YOUR MOUSE
OR POINTING DEVICE. THEN IT GOES TO YOUR KEY BOARD AND THE LETTERS YOU
TYPE WILL NOT REGISTER ON SCREEN. BEFORE IT SELF TERMINATES IT EATS 5MB OF
HARD DRIVE SPACE AND WILL DELETE ALL PROGRAMS ON IT AND IT CAN SHUT DOWN
ANY 8 BIT TO 16 BIT SOUND CARDS RENDERING YOUR SPEAKERS USELESS. IT WILL
COME IN E-MAIL CALLED "OPEN:VERY COOL! :) DELETE IT RIGHT AWAY. THIS
VIRUS WILL BASICALLY RENDER YOUR COMPUTER USELESS. YOU MUST PASS THIS ON
QUICKLY AND TO AS MANY PEOPLE  AS POSSIBLE!!!!! YOU MUST!
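
The indicators CIAC points to on this page (a demand to forward the message, harm from merely reading mail, an FCC attribution, physical hardware damage, no PGP signature) can be checked mechanically before a warning is passed along. The following triage sketch is an added example, not CIAC's tooling; the function names, regexes, verdict strings and the constructed signed sample are assumptions, and the other samples are abridged from messages quoted on this page.

```python
import re

# Indicators taken from CIAC's commentary on this page. The regexes are
# assumptions made for this example and would need tuning on real mail.
INDICATORS = {
    # "Forward this to all your friends", "PASS THIS ON ... AS MANY PEOPLE"
    "urges_mass_forwarding": re.compile(
        r"\b(forward|pass|send|e-?mail)\s+(this|it)\b[^.!?]{0,80}?"
        r"\b(everyone|anyone|all\s+(of\s+)?your\s+friends|as\s+many\s+people)\b",
        re.I),
    # Claims that merely reading or opening a message does the damage
    "harm_from_reading_mail": re.compile(
        r"\b(do\s*not|don'?t|without)\s+(read|open)(ing)?\b", re.I),
    # The page notes the FCC does not issue virus or Trojan warnings
    "cites_fcc_warning": re.compile(r"\bFCC\b"),
    # Claims of physical damage to hardware
    "physical_hardware_damage": re.compile(
        r"\b(damage|destroy|infect|explode)s?\b[^.!?]{0,40}?"
        r"\b(processor|monitor|mouse|key\s?board|sound\s+cards?)\b", re.I),
}

# Presence of armor only means a signature can be checked; it is not a check.
PGP_ARMOR = re.compile(
    r"^-----BEGIN PGP (SIGNED MESSAGE|SIGNATURE)-----\s*$", re.M)


def hoax_indicators(message: str) -> list[str]:
    """Return the names of all indicators found, in a fixed order."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(message)]
    if not PGP_ARMOR.search(message):
        hits.append("no_pgp_signature")
    return hits


def triage(message: str) -> str:
    """Classify a warning as likely-hoax, unvalidated or verify-signature."""
    hits = hoax_indicators(message)
    content_hits = [h for h in hits if h != "no_pgp_signature"]
    if len(content_hits) >= 2:
        return "likely-hoax"        # do not forward
    if "no_pgp_signature" in hits:
        return "unvalidated"        # hand to the security manager first
    return "verify-signature"       # check against the issuer's public key


# Abridged from the original "Good Times" message quoted on this page.
GOOD_TIMES = """There is a virus on America Online being sent by E-Mail.
If you get anything called "Good Times", DON'T read it or download it.
It is a virus that will erase your hard drive.
Forward this to all your friends. It may help them a lot."""

# Abridged from the expanded "Good Times" message quoted on this page.
GOOD_TIMES_FCC = """The FCC released a warning last Wednesday concerning a
matter of major importance to any regular user of the InterNet. If the
program is not stopped, the computer's processor will be placed in an
nth-complexity infinite binary loop - which can severely damage the
processor if left running that way too long."""

# Abridged from the genuine PKWARE notice quoted on this page.
PKWARE = """It has come to the attention of PKWARE that a fake version of
PKZIP is being distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an
official version from PKWARE and it will attempt to erase your hard drive
if run."""

# Constructed sample: armor layout only, the signature body is a placeholder.
SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory (constructed sample): scan attachments before running them.
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----"""

if __name__ == "__main__":
    for label, text in [("good-times", GOOD_TIMES),
                        ("good-times-fcc", GOOD_TIMES_FCC),
                        ("pkware", PKWARE), ("signed", SIGNED)]:
        print(f"{label:15} {triage(text):17} {hoax_indicators(text)}")
```

The genuine PKWARE notice lands in "unvalidated" rather than "likely-hoax": it makes no forwarding demand and only claims damage "if run", but as quoted here it still carries nothing a recipient could authenticate.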

Internet Cleanup Day

Variants of this e-mail message have been circulating the Internet. This warning is a hoax. There is no such thing as a "cleanup day" for the Internet. If each web site shut down its web server, there would be NO Internet to clean. The e-mail message is usually forged with an ambiguous signature. CIAC recommends that you trash any message related to this subject. Please, DO NOT circulate.

Subj: Internet Cleanup Day

THIS MESSAGE WILL AGAIN BE REPEATED IN MID FEBRUARY.
*** Attention ***

It's that time again!

As many of you know, each year the Internet must be shut down for 24
hours in order to allow us to clean it. The cleaning process, which
eliminates dead email and inactive ftp, www and gopher sites, allows for a
better working and faster Internet.

This year, the cleaning process will take place from 12:01 a.m. GMT on
February 27 until 12:01 a.m. GMT on February 28 (the time least likely to
interfere with ongoing work). During that 24-hour period, five powerful
Internet search engines situated around the world will search the
Internet and delete any data that they find.

In order to protect your valuable data from deletion we ask that you do
the following:

  1. Disconnect all terminals and local area networks from their
     Internet connections.

  2. Shut down all Internet servers, or disconnect them from the
     Internet.

  3. Disconnect all disks and hard drives from any connections to the
     Internet.

  4. Refrain from connecting any computer to the Internet in any
     way.

We understand the inconvenience that this may cause some Internet
users, and we apologize. However, we are certain that any inconveniences
will be more than made up for by the increased speed and efficiency of the
Internet, once it has been cleared of electronic flotsam and jetsam.

We thank you for your cooperation.

***** Signature Removed *****

Bill Gates Hoax

Circulating the Internet since November 1997 is a chain letter hoax claiming to be from the office of the chief executive of Microsoft Corporation. Although there are special variants, they all claim to be from Bill Gates and merely ask the receiver to forward the letter to other people. If an attachment comes with this message, CIAC recommends you delete it at once. DO NOT take any unnecessary chances from unknown sources. For additional information, read the article at the ZDNet News Channel.

ZDNet's article "Bill Gates grubs for money...NOT!" released 12/3/97.

FROM: GatesBeta@microsoft.com
ATTACH: Tracklog@microsoft.com/Track883432/~TraceActive/On.html

Hello Everyone,

And thank you for signing up for my Beta Email Tracking Application or (BETA)
for short. My name is Bill Gates.  Here at Microsoft we have just compiled an
e-mail tracing program that tracks everyone to whom this message is forwarded
to. It does this through an unique IP (Internet Protocol) address log book
database.

We are experimenting with this and need your help.  Forward this
to everyone you know and if it reaches 1000 people everyone
on the list you will receive $1000 and a copy of Windows98 at my expense.
Enjoy.

Note: Duplicate entries will not be counted. You will be notified by email
with further instructions once this email has reached 1000 people. Windows98
will not be shipped until it has been released to the general public.

Your friend,
Bill Gates & The Microsoft Development Team.

Disney Giveaway Hoax

August 1998 - Here's a new twist to the Bill Gates Chain Letter Hoax. This one concerns a giveaway by Disney. Walt Disney Company IS NOT responsible for any of the information contained in this chain letter.

Disney Worldwide Services:
"There is no such product or offer made by Disney."

*************************************************************

Hello Disney fans,

And thank you for signing up for Bill Gates' Beta
Email Tracking.  My name is Walt Disney Jr.
Here at Disney we are working with Microsoft which has just
compiled an e-mail tracing program that tracks everyone
to  whom this message is forwarded to. It does this
through an unique IP (Internet Protocol) address log book
database.

We are experimenting with this  and need your help.  Forward this
to everyone you know and if it reaches 13,000 people, 1,300 of the
people on the list will receive $5,000, and the rest will receive 
a free trip for two to Disney World for one week during the summer
of 1999 at our expense.       Enjoy.

Note: Duplicate entries will not be counted. You will
be notified by email with further instructions once this email
has reached 13,000 people.

Your friends,
Walt Disney Jr., Disney, Bill Gates
& The Microsoft Development Team.

*******************************************************************

Miller's Free Beer

April 1999: On April 14, 1999 the Miller Brewing Company issued a press release stating that the chain letter listed here is indeed a hoax (Miller's Response to the current E-mail Hoax). The claim to track e-mail is very similar to the Bill Gates e-mail tracking tool hoax; see the Bill Gates Hoax above.

*************************************************************

     Hello:
     We here at Miller Brewing Company, Inc. would
     like to help bring in the new millennium for everyone.  We
     like to think of ourselves as a progressive
     company, keeping up with our
     customers. We have found the best
     way to do this via the Internet and email.
     Combining these things, we would like to make
     a special offer to our
     valued customers:  If this email makes
     it to 2,000,000 people by 12:00 PM on New
      Year's Eve of 1999, we will
     send a coupon for one six-pack
     of any of our Miller Brand beverages.
     In the event that 2,000,000 people are
     reached, our tracker/counter,
     embedded in this message, will report
     to us with the list of names and email
     addresses. Thereafter, each
     email address will be sent an electronic
     coupon which you can print out and redeem at
     any Miller Brand beverage carrying store. The coupons will
     be sent as soon as 2,000,000 people are
     reached, so the sooner, the
     better.

     Enjoy, and Cheers,

     Gary D. Anderson, Chief Marketing Director
     Miller Brewing Company, Inc.
     http://www.millerbrewing.com


*************************************************************

Netscape-AOL Giveaway Hoax

May 1999: And yet another twist to the Bill Gates Chain Letter Hoax. This one claims that Netscape and AOL will send you money. It also mentions the Microsoft tracking system that does not exist.

Netscape and AOL have recently merged to form the largest internet company
in the world. In an effort to remain at pace with this giant, Microsoft
has introduced a new email tracking system as a way to keep Internet
Explorer as the most popular browser on the market. This email is a beta
test of the new software and Microsoft has generously offered to
compensate those who participate in the testing process. For
each person you send this email to, you will be given $5. For every person
they give it to, you will be given an additional $3. For every person they
send it to you will receive $1. Microsoft will tally all the emails produced
under your name over a two week period and then email you with more
instructions. This beta test is only for Microsoft Windows users because
the email tracking device that contacts Microsoft is embedded into the
code of Windows 95 and 98.

I know you guys hate forwards. But I started this a month ago because I
was very short on cash. A week ago I got an email from Microsoft asking me
for my address. I gave it to them and yesterday I got a check in the mail
for $800. It really works. I wanted you to get a piece of the action. You
won't regret it.

GAP Giveaway Hoax

May 1999: A beta test of a clothing line? I don't think so. This hoax claims that the GAP will give you clothing if you pass the message on, but is just another variant of the Bill Gates hoax.

Subject: FW: FREE clothes from GAP

Everyone loves free stuff!

Abercrombie & Fitch have recently merged to form the largest hottie
outfitter company in the world! In an effort to remain at pace with
this giant, the GAP has introduced a new email tracking system to
determine who has the most loyal followers. This email is a beta test
of the new clothing line and GAP has generously offered to compensate
those who participate in testing process. For each person you send
this e-mail to, you will be given a pair of cargo pants. For every
person they give it to, you will be given an additional Hawaiian print
T-shirt, for every person they send it to, you will receive a
fishermans hat!

GAP will tally all the emails produced under your name over a two week
period and then email you with more instructions.
This beta test is only for Microsoft Windows users because the email
tracking device that contacts GAP is embedded into the code of Windows
95 and 98. If you wish to speed up the "clothes receiving process"
then you can email the GAP's P.R. rep for a free list of email
addresses to try, at....gollygap@yahoo.com 

(this was forwarded to me, it's not me saying this...)
I know you guys hate forwards, but I started this a month ago.

A week ago, I got an email from the GAP asking me for my address I
gave it to them yesterday and I got a box load of
merchandise in the mail from the GAP!!!!! It really works! I wanted
you to get a piece of the action, you won't regret it


IBM Giveaway Hoax

June 1999: In this variant of the Bill Gates hoax, IBM is giving away computers. If you look at the wording, this one is almost identical to the GAP giveaway hoax above.

Subject: Free Computer Equipment!!!
Date: Monday, June 28, 1999 6:35 PM

Hey, I just wanted to let you guys know about this great new PC I just
got from IBM!

Hewlett-Packard and Gateway have just merged to form the biggest computer
supplier in the world!  Bigger than Dell, bigger than IBM, bigger than them
all!  In response to this amazing merger, IBM has set aside 250,000 free
computers to reward and keep its most loyal and trusted customers! I've
already got mine, read on to see how you can get yours!!!

This email has a special encoding which will let IBM know every time you
send it to one of your friends or relatives.  The first 250,000 people who
send this to at least 15 of their friends will receive a brand new IBM
computer!  After you send this to your friends, and qualify, IBM will
contact you via email, and get your shipping address.  Send them your
address, and in a couple of days, a brand new computer, complete with
printer, and 19" monitor is sitting on your doorstep! You must hurry,
because this offer ends July 31 of this year!

Here's the catch, though.  Each of your friends must send this to at
least 5 people or you won't be eligible, so choose your friends wisely!
Remember, a true friend will send this along for you!  That's all it
takes, no strings attached!  No purchase necessary!!!  You don't even have
to have previously purchased a computer from IBM!  They want to earn or
keep your future business, and they're willing to pay for it!!!

Ericsson/Nokia Phone Giveaway Hoax

April 2000:

Listed below is another giveaway hoax.  Since there's a hoax letter
that is giving away Nokia phones, someone wrote one for Ericsson.

Please see:
http://www.ericsson.net/infocenter/news/Fake_chainletter_hits_Ericsson.html
You can also find a reference to this URL on the front page:
http://www.ericsson.com
-----
Dear customer
Our main competitor, Nokia, is giving free mobile phones away on the
Internet. Here at Ericsson we want to counter their offer.  So we are
giving our newest WAP-phones away as well. They are specially developed for
Internet happy customers who value cutting edge technology.  By giving free
phones away, we get valuable customer feedback and a great Word-of-Mouth
effect.
All you have to do, is to forward this message to 8 friends. After two
weeks delivery time, you will receive a Ericsson T18. If you forward it to
20 friends, you will receive the brand new Ericsson R320 WAP-phone. Just
remember to send a copy to Anna.Swelund@ericsson.com - that is the only
way we can see, that you forwarded the message.
Best of luck
Anna Swelund
Executive Promotion Manager for Ericsson Marketing


Any rights not expressly granted herein are reserved. Reproduction,
transfer, distribution or storage of part or all of the contents in any
form without the prior written permission of Ericsson is prohibited except
in accordance with the following terms. Ericsson consents to you browsing
Ericsson World Wide Web pages on you computer or WAP-phone and printing
copies of these pages for private use only.
-- 

WIN A HOLIDAY Hoax

Circulating on the Internet are e-mail messages entitled "WIN A HOLIDAY". These messages are a hoax: the malicious e-mail they warn about does not exist. There is currently no virus that has the characteristics described in the message. The message is a variant of the "Join the Crew" hoax and of another variant called "JUST WIN A HOLIDAY". CIAC recommends that you DO NOT pass the message to others.

VIRUS WARNING !!!!!!

If you receive an email titled "WIN A HOLIDAY" DO NOT open it. It
will erase everything on your hard drive. Forward this letter out
as many people as you can. This is a new, very malicious virus and
not many people know about it. This information was announced
yesterday morning from Microsoft; please share it with everyone
that might access the Internet. Once again, pass this along to
EVERYONE in our address book so that this may be stopped. Also, do
not open or even look at any mail that says "RETURNED OR UNABLE TO
DELIVER" This virus will attach itself to your computer components
and render them useless. Immediately delete any mail items that
say this. AOL has said that this is a very dangerous virus and
that there is NO remedy for it at this time. Please practice
cautionary measures and forward this to all your online friends
ASAP.

Bud Frogs Screen Saver

This chain letter was first posted on CIAC's Chain Letter page
around January of 1997.

As with any file, you should never run code from unknown sources 
because you always run the risk of downloading Trojan Horses or 
infected files.

E-mail or get a Virus

If you are just sending a text e-mail message to someone, there is no way that we've seen that it can be tracked. You could send your message with the "Return Receipt" request but that would only notify you that those persons that you sent the letter to have received it.

 *************************************

IM SORRY GUYS>>I REALLY DONT BELIEVE IT BUT SENDING IT TO YALL JUST IN
CASE!!!!!!!!!!!!

This is not a joke...if you do not forward this e-mail to 20 other
people............. your computer will be a living hell thanks to one of
our very own little ingenus viruses.  I repeat this is not a joke this virus
will come to you only a week after you open this piece of mail in a very
undiscreet e-mail If you open this e-mail after opening others, it just
might come as a letter from your "buddy" Watch out! You have one week..
starting now.  If this virus gets in it won't come back out.  It will slowly 
delete 1 file a day from  system IRQ files, startup files and win 95 
kernels for registery address {1593338-489h985} 

Thank you for your  time.......#:)   hahahahaha    SCREW YOU!!! 

 *************************************

AOL RIOT June 1, 1998

The latest AOL hoax circulating the Internet is "AOL RIOT June 1, 1998". CIAC received the following statement from AOL: "The June 1, 1998 riot e-mail is a hoax. The allegations relating to the spreading of viruses and the tracking of whom the e-mail is forwarded to are false." Tatiana Gau, Vice President of AOL Integrity Assurance.

  AOL RIOT JUNE 1, 1998
  
  WARNING:
 
  You must forward this letter to 10 people or your account will be
  terminated on June 1, 1998. All recipients of this e-mail are being 
  tracked. When you received this, when you forwarded it, who you 
  forwarded it to, is all on record. We are AOL's most elite hacker 
  group, known as LcW. We have hacked AOL's (easily infiltrated) systems
  on numerous occasions. We have shut down AOL keywords, we can kick any 
  AOL Staff member off for 24 hours, we have gained access to Steve Case's
  account, we have created AOL's most famous hacking programs (Fate X, 
  HaVoK, HeLL RaIsEr, MaGeNtA) and we can certainly get your credit card 
  info. However, if you send this to 10 people, like you are told, you
  will escape unharmed. We won't terminate your account and you will be 
  able to continue using AOL. So if you know whats best for you, you
  will send this to 10 people as soon as possible. If you think we are
  bluffing....just wait till June 1, and see if you can sign or not.
  
  CAUTION: THERE WILL BE A VIRUS UPLOADED ON AOL'S MAIN SERVER ON JUNE 1,
  1998. ANY USERS WHO HAVEN'T FORWARDED THIS MESSAGE WILL AUTOMATICALLY
  HAVE THE VIRUS DOWNLOADED INTO THEIR SYSTEM. WE SUGGEST YOU FORWARD
  THIS MESSAGE OR YOUR COMPUTER WILL BE FRIED.
 
  *****
  
  Because of the outrage of AOL's increasing prices, LcW has decided to
  create a riot on May 1, that will cause havoc on AOL. We will be 
  sending viruses out to thousands of AOL users. We will be terminating 
  accounts. We will be hacking into Guide chat rooms and kicking guides 
  offline. There will be no AOL Staff - just complete pandemonium. If 
  you want to join this riot, we urge you to! You won't have to worry 
  about being TOSed or Reported because there will be no Guides online! 
  So do whatever you want - punt, scroll, tos, just turn AOL into
  a war zone!
  
  *****
  
  LIST OF LcW HACKERS ON AOL
  
  We represent LcW
  The following Hackers will be co-ordinating the Riot and hacking AOL's
  mainframe computer, and uploading viruses into the system.
  
  WaReZxHaCk
  MaGuS
  ReDxKiNG
  HaVoK
  SkiD
  SeMeN
  NoStRa
  PhoneTap
  InetXWeb
  Psy Acid
  PoiSon iV
  PaUsE
  CooLant
  InFeRnO
  XStatic
  Chronic Burn
  Zone Degreez
  WaTcHeR
  
  -----
  AOL RIOT ON JUNE 1, 1998 - You have been warned LcW is taking over 
  America Online. This is not no f***ing joke either. You have been 
  warned.
  -----
  Where f*** is a common vulgar expletive.
 

AOL V4.0 Cookie

AOL has declared the AOL V4.0 Cookie chain letter a hoax. CIAC received the following statement from AOL: "I wish to bring to your attention the attached hoax letter that has been circulating on the Internet, making serious allegations about AOL 4.0. All of these allegations are false." Tatiana Gau, Vice President of AOL Integrity Assurance.

************************************************************************************

From a former AOL employee:

I'll try and cut through the crap, and try to get to the point of this
letter.

I used to work for America Online, and would like to remain
anonymous for that reason.  I was laid off in early September, but I know
exactly why I was laid off, which I will now explain:

Since last December, I had been one of the many people assigned to design
AOL 4.0 for Windows  (AOL 4.0 beta, codenamed Casablanca).  In the beginning,
I was very proud of this task, until I found out the true cost of it.  Things
were going fine until about mid-February, when me and 2 of my colleagues
started to suspect a problem, an unexplainable 'Privacy Invasion', with the
new version.  One of them, who is a master programmer, copied the finished
portion of the new version (Then 'Build 52'), and took it home, and we spent
nearly 2 weeks of sleepless nights  examining and debugging the program,
flipping it inside-out, and here is what we found.


Unlike all previous versions of America Online, version 4.0 puts
something in your hard drive called a 'cookie'.  (AOL members click here for a definition).
However, the cookie we found on Version 4.0 was far more treacherous than
the simple Internet cookie.  How would you like somebody looking at your
entire hard drive, snooping through any (yes, any) piece of information on
your hard drive.  It could also read your password and log in information and
store it deep in the program code. Well, all previous versions,
whether you like it or not, have done this to a certain extent, but
only with files you downloaded.  As me and my colleagues discovered,
with the new version, anytime you are signed on to AOL, any top
AOL executive, any AOL worker, who has been sworn to secrecy regarding this
feature, can go in to your hard drive and retrieve any piece of information
that they so desire.  Billing, download records, e-mail, directories,
personal documents, programs, financial information, scanned images, etc.
Better start keeping all those pictures on a floppy disk!

This is a totally disgusting violation of our rights, and your right to
know as well.  Since this is undoubtedly 'Top Secret' information that I am
revealing, my life at AOL is pretty much over.  After discovering this information,
we started to inform a few other workers at America Online, so that
we could get a large enough crew to stop this from happening to the millions
of unfortunate and unsuspecting America Online members.  This was in early
August.  One month later, all three of us were unemployed.  We got together,
and figured there was something we had to do to let the public know.

Unemployed, with one of us going through a divorce (me) and another who is
about to undergo treatment for Cancer, our combined financial situation is
not currently enough to release any sort or article.  We attempted to create
a web page on three different servers containing in-depth information on AOL
4.0, but all three were taken down within 2 days.  We were running very low
on time (4.0 is released early this winter), so we figured our last hope to
reveal this madness before it affects the people was starting something
similar to a chain letter, this letter you are reading.  Please do the
following, to help us expose AOL for who they really are, and to help us and
yourself receive personal gratification for taking a stand for our freedom:

1. Forward this letter to as many people as you can (not just friends and
family, as many as you can)!

2. Tell people who aren't on America Online in person, especially
important people (Private Investigators, Government workers, City Council)

3. If the information about the new version isn't exposed by the time AOL
is released early this winter, for your own protection, DON'T DOWNLOAD AOL
4.0 UNDER ANY CONDITION !!!

Thank you for reading and examining this information.  Me and my colleagues
hope that you will help us do the right thing in this situation.
Enjoy America Online (just kidding!).

Regards, A former AOL employee

************************************************************************************

AOL4FREE

AOL4FREE actually consists of three separate, independent items:

  1. The AOL4FREE Macintosh Program for gaining fraudulent accounts on AOL.
  2. The AOL4FREE Virus Warning Hoax.
  3. The AOL4FREE.COM Trojan horse program that deletes all the files on your hard drive.

The AOL4FREE Macintosh Program was originally written to provide illegal free access to America Online. In the March 1997 issue of the CSI Computer Security Alert the following statement was made concerning the creator of that program:

"A former Yale computer science student has pleaded guilty to defrauding America Online. AOL estimates it lost between $40,000 and $70,000 in service charges because the student distributed his computer program, AOL4FREE, to hundreds of other users."

Note that any attempt to use the original AOL4FREE program may subject you to prosecution.

The second item is the AOL4FREE Virus Warning Hoax message. The following message has been circulating around the Internet, warning of a virus infected e-mail message:

************************************************************************************

   VIRUS ALERT!!!
     DON'T OPEN E-MAIL NOTING "AOL4FREE"

   Anyone who receives this must send it to as many people as you can.	It
   is essential that this problem be reconciled as soon as possible.  A few
   hours ago, I opened an E-mail that had the subject heading of "AOL4FREE.COM".
   Within seconds of opening it, a window appeared and began to display my files
   that were being deleted.  I immediately shut down my computer, but it was too
   late.  This virus wiped me out.  It ate the Anti-Virus Software that comes with
   the Windows '95 Program along with F-Prot AVS.  Neither was able to detect it.
   Please be careful and send this to as many people as possible, so maybe this
   new virus can be eliminated.

************************************************************************************

This message has several problems that identify it as a hoax.

  1. A virus-like program cannot spread in an e-mail message. While an infected program could be attached to an e-mail message, the e-mail message itself cannot contain one in any form that could be executed.
  2. A virus or Trojan horse program cannot infect a system by simply being read. The current mail readers do not execute an e-mail message; they display it on the screen for you to read. You must take care when downloading an attachment to an e-mail message. In some mail readers you can double-click on the attachment icon to have it extracted and opened by whatever program created it. If that attachment is a program, it is downloaded and run, and running any program you have not scanned could cause you to be infected with a virus.
  3. While this warning message is a hoax, the things it describes could be accomplished with a Trojan horse program. That Trojan horse could then be attached to an e-mail message and if the reader downloads and executes the Trojan horse program, it could do the damage described in this message. In fact, someone has done that as is explained below.

The third item is the AOL4FREE.COM Trojan Horse. This program appears to be the AOL4FREE program that creates fraudulent AOL accounts (though it is a DOS program instead of a Macintosh program) but is actually a simple compiled DOS batch file that runs the DOS DELTREE command on the C:\ directory of a DOS/Windows machine. The DELTREE command deletes all files in a directory, including the directory itself and any subdirectories in that directory. The effect is to delete all files on the C: drive of a DOS/Windows machine. If you should come across this program from any source, do not run it. For more information see CIAC Bulletin H-47a: AOL4FREE.COM Trojan Horse Program Destroys Hard Drives.

CIAC ALWAYS recommends that software downloaded onto a computer from any source (BBS, e-mail attachment, floppy, web) be scanned with antivirus software prior to being run. Note that most antivirus software does not detect Trojans, so it is important to know where your software came from before executing it.
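
The distinction drawn above between a message that is only displayed and an attachment that can be run, as an added Python example (not part of the original page or of any CIAC tool). The extension list, the function names and both sample messages are assumptions constructed for illustration; the attachment bytes are inert filler.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that DOS/Windows runs directly; ".com" covers AOL4FREE.COM.
# This list is an assumption for the example, not a complete inventory.
RUNNABLE_EXTENSIONS = {".com", ".exe", ".bat", ".pif", ".scr"}


def build_message(with_attachment):
    """Construct a sample message. Addresses, body and attachment are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "AOL4FREE.COM"
    msg.set_content("Sample body text.\n")
    if with_attachment:
        msg.add_attachment(b"constructed filler bytes, not a program",
                           maintype="application", subtype="octet-stream",
                           filename="AOL4FREE.COM")
    return msg.as_bytes()


def triage(raw_bytes):
    """Split a message into text that is merely displayed and files to hold."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    report = {
        "subject": str(msg["Subject"]),
        "displayed_text": [],   # plain text parts: shown to the reader, never run
        "hold_for_scan": [],    # runnable attachments: scan and verify the source first
        "other_parts": [],      # everything else, listed for the analyst
    }
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename is None:
            if part.get_content_type() == "text/plain":
                report["displayed_text"].append(part.get_content())
            else:
                report["other_parts"].append(part.get_content_type())
            continue
        extension = os.path.splitext(filename)[1].lower()
        if extension in RUNNABLE_EXTENSIONS:
            report["hold_for_scan"].append(filename)
        else:
            report["other_parts"].append(filename)
    return report


if __name__ == "__main__":
    for label, raw in (("subject only", build_message(False)),
                       ("with attachment", build_message(True))):
        result = triage(raw)
        print(label, "->", result["hold_for_scan"] or "nothing to hold")
```

The first sample carries the subject heading the hoax warns about and nothing else, so nothing is held; only the second, which carries a runnable attachment, is.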


Internet Access Charges

January 1999

This is a variant of the historic modem tax hoax of bygone years. This latest version started making its rounds on Nov 06, 1998, based apparently on a CNN story. Early versions pointed the finger at the FCC as the villain in this story. Then it was 'the government', then it was 'the Congress'.

FCC statement:
"... the FCC has no intention of assessing per-minute charges on
Internet traffic or of making any changes in the way consumers obtain
and pay for access to the Internet." 
********************************

  Date: Wednesday, January 06, 1999 10:03 PM

  Looks like Congress has found another way to tax us.

  There is a new bill in US Congress that will be affecting all Internet
  users. You might want to read this and pass it on.  CNN
  stated that the government would in two weeks time decide to allow or
  not allow a charge to your (OUR) phone bill each time you access the
  internet.

  Please visit the following URL and fill out the necessary form!

  The address is http://www.house.gov/writerep/

  If EACH one of us, forward this message on to others in a hurry, we may
  be able to prevent this from happening! (Maybe we CAN fight the phone
  company!)

********************************* 

This alert is a hoax. The earliest electronic version of it, which does not urge any particular action but merely reports and comments on the story, appeared on Usenet on Nov 06, 1998. Appearing under the thread "INTERNET PER MINUTE FEES COMING?" on the ba.internet news group, it cited a CNN story aired that same day. A later version, urging everyone to contact Congress, appeared on Nov 18, 1998 in a different news group and referenced an FCC release dated Oct 30, 1998 as the source of the CNN story. The actual FCC proceeding which apparently set off this mushrooming flurry of alerts dealt with the 'reciprocal billing' issue, which relates to charges for interconnectivity between various telcos.

In reaction to it, the FCC issued an official statement of December, 1998, which can be found at <http://www.fcc.gov/Bureaus/Common_Carrier/Factsheets/nominute.html>. This publication restates that the reciprocal billing issue does not include any proposal to have metered billing of any sort by the telcos for internet usage.

Reputable organizations producing legislative alerts will include some basic information which will assist the reader in determining how and when to respond. Most if not all of this information was missing from this spurious alert.

1) Congress does not vote as a single body. Any alert should name the specific body (House or Senate) scheduled to vote to whom letters/email should be sent. It will also indicate whether this is in front of a committee, and which committee, or that it is set for a floor vote.

2) At a minimum, a specific bill number will be cited such as S.1615 or H.R.3888. The reader can then check the Congressional bill status web site <http://thomas.loc.gov> to determine the precise current status of the bill before writing to your member of Congress about it.

3) A specific alert date, and a deadline date for responses, will be included to help in determining whether the alert is stale.

4) A legitimate alert will say exactly what is wrong with (or right with) the bill, possibly even citing a specific section. Check the language of the bill on Thomas to ensure that amendments to the bill in between the time the alert went out and the time that you're reading it haven't changed it to the point where the alert is no longer relevant.

It should also be noted that this alert began making its rounds after the 105th Congress had adjourned. Although the House of Representatives came back into a lame duck (post election) session to consider the issue of impeachment of the president, no other issues were considered. And the Senate did not reconvene at all. The 106th Congress was officially convened in early January, 1999. At the time the new Congress is seated at the beginning of every odd numbered year, all bills not enacted into law by the end of the previous Congress are swept away. The new Congress starts over with a clean slate, introducing entirely new bills which must make their way through the entire legislative process. A legislative alert from 1998 is null and void in January, 1999, whether it was spurious at the time or not.

Charles Oriez
coriez@netone.com
National Legislative Chair
Association of Information Technology Professionals 
<http://www.aitp.org>
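
The four checks listed above, together with the stale-Congress point, as an added Python example (not part of the original page and not a CIAC or AITP tool). The regular expressions, the function names and the third sample alert are assumptions made for illustration; the first two samples are excerpts of hoax letters quoted on this page.

```python
import re

MONTHS = ("January|February|March|April|May|June|July|August|September|"
          "October|November|December")
URL_RE = re.compile(r"https?://\S+")
# Bill numbers in the two forms the page cites: S.1615 and H.R.3888.
BILL_RE = re.compile(r"(?<![A-Za-z.])(?:S\.|H\.R\.)\s?\d{1,5}\b")
CHAMBER_RE = re.compile(r"\b(?:House|Senate)\b")
STAGE_RE = re.compile(r"\b(?:sub)?committee\b|\bfloor vote\b", re.I)
DATE_RE = re.compile(r"\b(?:%s)\s+\d{1,2},\s+(\d{4})\b" % MONTHS)
DEADLINE_RE = re.compile(
    r"\b(?:deadline|respond by|no later than)\b[^.\n]*?(?:%s)\s+\d{1,2}" % MONTHS,
    re.I)
# Weak proxy for "says exactly what is wrong": the alert cites a section.
SECTION_RE = re.compile(r"\b(?:section|sec\.)\s*\d+", re.I)


def congress_for_year(year):
    """Number of the Congress sitting in a given year (106th for 1999).

    Ignores the first days of January in odd years, before the new
    Congress convenes.
    """
    return (year - 1789) // 2 + 1


def check_alert(text, current_year):
    """Return {check name: passed} for one legislative alert."""
    # URLs are removed so that a link cannot satisfy a check by itself.
    body = URL_RE.sub(" ", text)
    years = [int(y) for y in DATE_RE.findall(body)]
    return {
        "names_chamber": bool(CHAMBER_RE.search(body)),
        "names_stage": bool(STAGE_RE.search(body)),
        "bill_number": bool(BILL_RE.search(body)),
        "alert_date": bool(years),
        "deadline": bool(DEADLINE_RE.search(body)),
        "cites_section": bool(SECTION_RE.search(body)),
        # Bills die when a Congress ends, so an alert dated in an earlier
        # Congress than the reader's is stale.
        "current_congress": bool(years) and
            congress_for_year(max(years)) == congress_for_year(current_year),
    }


def missing(results):
    """Names of the checks that failed, in checklist order."""
    return [name for name, passed in results.items() if not passed]


# Excerpt of the "Internet Access Charges" letter quoted on this page.
ACCESS_CHARGE_HOAX = """Date: Wednesday, January 06, 1999 10:03 PM
Looks like Congress has found another way to tax us.
There is a new bill in US Congress that will be affecting all Internet
users. You might want to read this and pass it on.
Please visit the following URL and fill out the necessary form!
The address is http://www.house.gov/writerep/
"""

# Excerpt of the "E-mail Tax" letter quoted on this page.
EMAIL_TAX_HOAX = """Under proposed legislation (Bill 602P) the U.S. Postal
service will be attempting to bilk email users out of "alternative
postage fees". Tell your friends and relatives to write their
congressman and say "No!" to Bill 602P
"""

# Constructed sample of a well-formed alert; the bill number is made up.
WELL_FORMED_ALERT = """Alert issued March 2, 1999.
H.R.9999 is scheduled for a vote in the House Commerce Committee.
Section 4 of the bill would change how the fee is assessed.
Respond by March 16, 1999.
"""

if __name__ == "__main__":
    for name, text in (("access charge", ACCESS_CHARGE_HOAX),
                       ("e-mail tax", EMAIL_TAX_HOAX),
                       ("well-formed", WELL_FORMED_ALERT)):
        print(name, "missing:", missing(check_alert(text, 1999)))
```

"Bill 602P" fails the bill-number check because it matches neither form the checklist names, and the well-formed sample fails only the Congress check once the reader's year moves past 2000.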


E-mail Tax Hoax

May 1999

Here's a rewrite of the internet charge hoax.  

This one includes a disclaimer by 'The Washingtonian' at
http://www.washingtonian.com/about/emailhoax.html


********
Dear Internet Subscriber: Please read the following carefully if you
intend to stay online and continue using e-mail: The last few months
have revealed an alarming trend in the Government of the United States
attempting to quietly push through legislation that will affect your use
of the Internet. Under proposed legislation (Bill 602P) the U.S. Postal
service will be attempting to bilk email users out of "alternative
postage fees". Bill 602P will permit the Federal Govt. to charge 5 cents
surcharge on every email delivered, by billing Internet Service
Providers at source. The consumer would then be billed in turn by the
ISP. Washington D.C. lawyer Richard Stepp is working without pay to
prevent this legislation from becoming law. The U.S. Postal Service is
claiming that lost revenue due to the proliferation of email is costing
nearly $230,000,000 in revenue per year. You may have noticed the recent
ad campaign "There is nothing like a letter". Since the average citizen
received about 10 pieces of email per day in 1998, the cost to the
typical individual would be an additional 50 cents per day, or over $180
per year, above and beyond their regular Internet costs. Note that this
would be money paid directly to the U.S. Postal Service for a service
they do not even provide. The whole point of the Internet is democracy
and non-interference. If the Federal Govt. is permitted to tamper with
our liberties by adding a surcharge to e-mail, who knows where it will
end. You are already paying an exorbitant price for snail mail because
of bureaucratic inefficiency. It currently takes up to 6 days for a
letter to be delivered from New York to Buffalo. If the U.S. Postal
Service is allowed to tinker with email, it will mark the end of the
'free' Internet in the United States. One congressman, Tony Schnell (R)
has even suggested a "twenty to forty dollar per month surcharge on all
Internet service" above and beyond the government's proposed email
charges. Note that most of the major newspapers have ignored the story,
the only exception being the Washingtonian which called the idea of
email surcharge "a useful concept whose time has come" (March 6th 1999
Editorial) Don't sit by and watch your freedoms erode away! Send this
email to all Americans on your list and tell your friends and relatives
to write their congressman and say "No!" to Bill 602P Kate Turner
assistant to Richard Stepp Berger, Stepp and Gorman Attorneys at Law 216
Concorde Street, Vienna, VA. 
********

Blue Mountain Cards

March 1999

Recently Blue Mountain Cards was the target of false warnings that 
opening a greeting card on their website would cause systems to crash.
Below is a statement from the Executive Director of Blue Mountain Cards.


Jared Schutz, Executive Director
Blue Mountain Arts
"It is very frustrating and difficult for us to dispel these rumors, but
please help us in doing so by passing this email along to your friends and
spreading the word that there is no way that bluemountain.com can spread a
virus. Our electronic greeting cards are simply web pages that you view
with your browser. Our email notifications are only text messages without
any attached files. When someone sends or receives cards from our site,
they do not actually download to their computer any file that might contain
a virus. We are worried that these rumors are hurting our free card
efforts, and hope that you can help us set the record straight."

http://www1.bluemountain.com/home/hoax.html

It Takes Guts to Say 'Jesus'

April 1999

The original email titled "It Takes Guts to Say 'Jesus'" is
a poor rewrite of several old hoaxes.  Now that hoax has been
rewritten as an aftermath of the 'Melissa' virus outbreak.

Here is the newest version circulating the internet.

****************************************

      If you receive an email titled "It Takes Guts to Say 'Jesus'" DO NOT
      OPEN IT. It will erase everything on your hard drive.  This
      information was announced yesterday morning from IBM; AOL states that
      this is a very dangerous virus, much worse than "Melissa", and that
      there is NO remedy for it at this time. Some very sick individual has
      succeeded in using the re-format function from Norton Utilities
      causing it to completely erase all documents on the hard drive. It
      has been designed to work with Netscape Navigator and Microsoft
      Internet Explorer. It destroys MacIntosh and IBM compatible computers.
      This is a new, very malicious virus and not many people know about it.
      Pass this warning along to EVERYONE in your address book and please
      share it with all your online friends ASAP so that this threat may be
      stopped. Please practice cautionary measures and tell anyone that may
      have access to your computer. Forward this warning to everyone that
      might access the internet

****************************************


Geeks Bearing Gifts

March 1999

WARNING!! BEWARE GREEKS(Geeks) BEARING GIFTS!

    WARNING! WARNING! WARNING!
    
    IF YOU RECEIVE A GIFT IN THE SHAPE OF A LARGE
    WOODEN HORSE DO NOT DOWNLOAD IT!!!! It is EXTREMELY
    DESTRUCTIVE and will overwrite your ENTIRE CITY!
    
    The "gift" is disguised as a large wooden horse about two
    stories tall. It tends to show up outside the city gates
    and appears to be abandoned. DO NOT let it through the
    gates! It contains hardware that is incompatible with
    Trojan programming, including a crowd of heavily armed
    Greek warriors that will destroy your army, sack your town,
    and kill your women and children. If you have already
    received such a gift, DO NOT OPEN IT! Take it back out of
    the city unopened and set fire to it by the beach.
    
    FORWARD THIS MESSAGE TO EVERYONE YOU KNOW!
    
    Poseidon


Elf Bowling and Frogapult Hoax Chain Letter

December 1999

Nstorm (http://www.nstorm.com ) has become the victim of a hoax chain letter stating that two of their games being distributed over the internet are infected with a virus. The chain letter does not state what the malicious code is. Listed below is a statement from Nick Schoeneberger of Nvision Design, Inc., the developer of the game. CIAC recommends that you check with vendors or other reliable sources before forwarding warnings that may be bogus.

"Our company has produced a number of freely emailed and downloadable computer games which have been the subject of a hoax virus warning. We have contacted Symantec (makers of Norton Anti-Virus) and they have certified all of our games virus-free on this web page: http://www.symantec.com/avcenter/venc/data/y2kgame.hoax.html"

Keep in mind that while the games available from Nstorm's web page are virus free, copies that are being e-mailed around the network could be infected with a virus or could be a Trojan program with the same name as the original game. To be safe, you should never run executables that are sent to you by an unknown/untrusted source but get an original copy directly from the manufacturer's website or from a trusted downloading site.


Klingerman Virus

May 2000

The Center for Disease Control has issued a press release about the false e-mail chain letter about the "Klingerman Virus".

False E-mail Report about "Klingerman Virus"

The chain letter reads as follows:
 
Subject:  Very Serious Information!!!

This is an alert about a virus in the original sense of the word...one
that affects your body, not your hard drive.

There have been 23 confirmed cases of people attacked by the
Klingerman Virus, a virus that arrives in your real mail box, not your
e-mail in-box.

Someone has been mailing large blue envelopes, seemingly at random, to
people inside the US. On the front of the envelope in bold black
letters is printed, "A gift for you from the Klingerman Foundation." When
the envelopes are opened, there is a small sponge sealed in plastic. This
sponge carries what has come to be known as the Klingerman Virus, as public
health officials state this is a strain of virus they have not previously
encountered.

When asked for comment, Florida police Sergeant Stetson said, "We are
working with the CDC and the USPS, but have so far been unable to
track down the origins of these letters. The return addresses have all
been different, and we are certain a remailing service is being used, making
our jobs that much more difficult."

Those who have come in contact with the Klingerman Virus have been
hospitalized with severe dysentery. So far seven of the twenty-three
victims have died. There is no legitimate Klingerman Foundation mailing
unsolicited gifts. If you receive an oversized blue envelope in the mail
marked, "A gift from the Klingerman foundation", DO NOT open it. Place the
envelope in a strong plastic bag or container, and call the police
immediately.

The "gift" inside is one you definitely do not want.

PLEASE PASS THIS ON TO EVERYONE YOU CARE ABOUT.


Flesh Eating Bananas Hoax

February 2000

The warning, shown below, purports to come from the Center for Disease Control and warns of necrotizing fasciitis associated with bananas that will eat the flesh off your bones. The report is totally false, as indicated by the CDC and the FDA:

False Internet Report About Necrotizing Fasciitis Associated With Bananas

Subject: URGENT warning

Dear Friend,
Please forward to everyone you love!!
This is VALIDATED FROM THE CDC. (center for disease control in
atlanta georgia)

Warning:
Several shipments of bananas from Costa Rica have been infected 
with necrotizing fasciitis, otherwise known as flesh eating bacteria.
Recently this disease has decimated the monkey population in Costa
Rica. We are now just learning that the disease has been able to 
graft itself to the skin of fruits in the region, most notably the 
Banana which is Costa Rica's largest export.

Until this  finding scientist were not sure how the
infection was being transmitted. It is advised not to purchase 
Bananas for the next three weeks as this is the period of time for 
which bananas that have been shipped to the US with the possibility 
of carrying this disease. If you have eaten a banana in the last 
2-3 days and come down with a fever followed by a skin infection 
seek "Medical Attention"!!!

The skin infection from necrotizing fasciitis is very painful and 
eats two to three centimeters of flesh per hour. Amputation is likely, 
death is possible..

If you are more than an hour from a medical center burning the flesh
ahead of the infected area is advised to help slow the spread of the
infection.

The FDA has been reluctant to issue a country wide warning because 
of fear of nationwide panic. They have secretly admitted that they feel 
upwards of 15,000 Americans will be affected by this but that these 
are acceptable numbers.

Please forward this to as many people you care about as possible as
we do not feel 15,000 people is an acceptable number.

Manheim Research Institute
Center for Disease Control
Atlanta Georgia


History of Virus Hoaxes

Computer virus hoaxes have been circulating on the Internet since 1988. In October of that year, according to Ferbrache ("A Pathology of Computer Viruses", Springer, London, 1992), one of the first virus hoaxes was the 2400 baud modem virus:

	SUBJ: Really Nasty Virus
	AREA: GENERAL (1)

	I've just discovered probably the world's worst computer virus
	yet. I had just finished a late night session of BBS'ing and file
	treading when I exited Telix 3 and attempted to run pkxarc to
	unarc the software I had downloaded. Next thing I knew my hard
	disk was seeking all over and it was apparently writing random
	sectors. Thank god for strong coffee and a recent backup.
	Everything was back to normal, so I called the BBS again and
	downloaded a file. When I went to use ddir to list the directory,
	my hard disk was getting trashed again. I tried Procomm Plus TD
	and also PC Talk 3. Same results every time. Something was up so I
	hooked up to my test equipment and different modems (I do research
	and development for a local computer telecommunications company
	and have an in-house lab at my disposal). After another hour of
	corrupted hard drives I found what I think is the world's worst
	computer virus yet. The virus distributes itself on the modem sub-
	carrier present in all 2400 baud and up modems. The sub-carrier is
	used for ROM and register debugging purposes only, and otherwise
	serves no othr (sp) purpose. The virus sets a bit pattern in one
	of the internal modem registers, but it seemed to screw up the
	other registers on my USR. A modem that has been "infected" with
	this virus will then transmit the virus to other modems that use a
	subcarrier (I suppose those who use 300 and 1200 baud modems
	should be immune). The virus then attaches itself to all binary
	incoming data and infects the host computer's hard disk. The only
	way to get rid of this virus is to completely reset all the modem
	registers by hand, but I haven't found a way to vaccinate a modem
	against the virus, but there is the possibility of building a
	subcarrier filter. I am calling on a 1200 baud modem to enter this
	message, and have advised the sysops of the two other boards
	(names withheld). I don't know how this virus originated, but I'm
	sure it is the work of someone in the computer telecommunications
	field such as myself. Probably the best thing to do now is to
	stick to 1200 baud until we figure this thing out.

	Mike RoChenle

This bogus virus description spawned a humorous alert by Robert Morris III:

	Date: 11-31-88 (24:60)	Number: 32769
	To: ALL Refer#: NONE
	From: ROBERT MORRIS III Read: (N/A)
	Subj: VIRUS ALERT	Status: PUBLIC MESSAGE

	Warning: There's a new virus on the loose that's worse than
	anything I've seen before! It gets in through the power line,
	riding on the powerline 60 Hz subcarrier. It works by changing the
	serial port pinouts, and by reversing the direction one's disks
	spin. Over 300,000 systems have been hit by it here in Murphy,
	West Dakota alone! And that's just in the last 12 minutes.

	It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
	RSX-11, ITS, TRS-80, and VHS systems.

	To prevent the spread of the worm:

	1) Don't use the powerline.
	2) Don't use batteries either, since there are rumors that this
	  virus has invaded most major battery plants and is infecting the
	  positive poles of the batteries. (You might try hooking up just
	  the negative pole.)
	3) Don't upload or download files.
	4) Don't store files on floppy disks or hard disks.
	5) Don't read messages. Not even this one!
	6) Don't use serial ports, modems, or phone lines.
	7) Don't use keyboards, screens, or printers.
	8) Don't use switches, CPUs, memories, microprocessors, or
	  mainframes.
	9) Don't use electric lights, electric or gas heat or
	  airconditioning, running water, writing, fire, clothing or the
	  wheel.

	I'm sure if we are all careful to follow these 9 easy steps, this
	virus can be eradicated, and the precious electronic fluids of
	our computers can be kept pure.

	---RTM III

Since that time, virus hoaxes have flooded the Internet. With thousands of viruses worldwide, virus paranoia in the community has risen to an extremely high level. It is this paranoia that fuels virus hoaxes. A good example of this behavior is the "Good Times" virus hoax, which started in 1994 and is still circulating on the Internet today. Instead of spreading from one computer to another by itself, Good Times relies on people to pass it along.


How to Identify a Hoax

There are several methods to identify virus hoaxes, but first consider what makes a successful hoax on the Internet. Two known factors make a virus hoax successful: (1) technical-sounding language, and (2) credibility by association. If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to who sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.

Individuals should also be especially alert if the warning urges them to pass it on to their friends. This should raise a red flag that the warning may be a hoax. Another flag to watch for is when the warning indicates that it is a Federal Communications Commission (FCC) warning. According to the FCC, it has not disseminated and never will disseminate warnings on viruses. It is not part of its job.
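The red flags named in this section can be checked mechanically before a warning is passed along. The following is an added example, not CIAC code: the regular expressions, the function name and the signed sample are constructed for illustration, and the first sample is an excerpt of the banana hoax quoted on this page.

```python
import re

# Red flags taken from the section above; the regexes are this example's choices.
RED_FLAGS = {
    "urges_forwarding": re.compile(
        r"\b(pass\s+(this|it)\s+on|forward\s+(this\s+)?to\s+(everyone|all|as\s+many))\b",
        re.I),
    "claims_fcc_source": re.compile(
        r"\b(FCC|Federal\s+Communications?\s+Commission)\b", re.I),
    "borrowed_authority": re.compile(
        r"\b(validated|confirmed|verified)\s+(from|by)\b", re.I),
}
PGP_ARMOR = "-----BEGIN PGP SIGNED MESSAGE-----"

def triage(message):
    """Return the red flags found and the next step for the recipient."""
    flags = {name for name, rx in RED_FLAGS.items() if rx.search(message)}
    signed = any(line.strip() == PGP_ARMOR for line in message.splitlines())
    if not signed:
        flags.add("no_pgp_signature")
    # Armor alone proves nothing: it still has to verify against the team's key.
    next_step = ("verify the PGP signature" if signed
                 else "send to security manager, do not circulate")
    return {"flags": sorted(flags), "next_step": next_step}

# Excerpt of the banana hoax quoted on this page.
BANANA = """Dear Friend,
Please forward to everyone you love!!
This is VALIDATED FROM THE CDC. (center for disease control in
atlanta georgia)"""

# Constructed sample: layout of a clear-signed bulletin (placeholder signature).
SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Example bulletin text from a response team.
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----"""

if __name__ == "__main__":
    for name, msg in (("banana", BANANA), ("signed", SIGNED)):
        print(name, triage(msg))
```

Neither outcome is "forward it": an unsigned warning goes to the security manager, and a signed one still has to pass signature verification.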


Validate a Warning

CIAC recommends that you DO NOT circulate virus warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator or your computer incident advisory team. Real warnings about viruses and other network problems are issued by different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a team's web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes.

Another area of concern is Internet chain letters that may or may not be true. For more information on Internet chain letters reference http://ciac.llnl.gov/ciac/CIACChainLetters.html.


What to Do When You Receive a Warning

Upon receiving a warning, you should examine its PGP signature to see that it is from a real response team or antivirus organization. To do so, you will need a copy of the PGP software and the public key of the team that sent the message. The CIAC key is available at the CIAC home page: http://ciac.llnl.gov/. You can find the addresses of other response teams by connecting to the FIRST web page at: http://www.first.org. If there is no PGP signature, see if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus. If he/she is passing on a rumor, if the address of the person does not exist, or if there are any questions about the authenticity of the warning, do not circulate it to others. Instead, send the warning to your computer security manager or your incident response team and let them validate it. When in doubt, do not send it out to the world.
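A signature that verifies is only meaningful if it was made by the team's key, so the check has to compare the signer's fingerprint with the one the team publishes. The following is an added example, not CIAC code: it assumes GnuPG as the PGP software and reads the status lines printed by `gpg --status-fd 1 --verify`; the fingerprints, address and status lines are constructed placeholders.

```python
# Fingerprint published by the team, obtained out of band (constructed placeholder).
TEAM_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# Status keywords that mean the warning must not be trusted.
FATAL = {
    "BADSIG": "signature does not match the message text",
    "ERRSIG": "signature could not be checked",
    "NO_PUBKEY": "signer's public key is not on the keyring",
    "EXPSIG": "signature has expired",
    "EXPKEYSIG": "signed with an expired key",
    "REVKEYSIG": "signed with a revoked key",
}

def check_status(status_text, trusted_fprs):
    """Decide from gpg status lines whether a warning may be trusted."""
    good, primary_fpr = False, None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FATAL:  # fail closed on any bad result
            return (False, FATAL[keyword])
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            # First arg: signing-key fingerprint; tenth (if present): primary key.
            primary_fpr = args[9] if len(args) >= 10 else args[0]
    if not (good and primary_fpr):
        return (False, "no valid signature found")
    if primary_fpr.upper() not in trusted_fprs:
        return (False, "valid signature, but not from the team's key")
    return (True, "signed by a trusted response-team key")

def _status(fpr):
    """Constructed status output for a good signature made by key `fpr`."""
    return ("[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {fpr[-16:]} Example Team <team@example.org>\n"
            f"[GNUPG:] VALIDSIG {fpr} 2000-02-01 949363200 0 4 0 1 2 01 {fpr}\n")

FROM_TEAM = _status(TEAM_FPR)
FROM_STRANGER = _status("F" * 40)
TAMPERED = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Team <team@example.org>\n"

if __name__ == "__main__":
    for name in ("FROM_TEAM", "FROM_STRANGER", "TAMPERED"):
        print(name, check_status(globals()[name], {TEAM_FPR}))
```

The `FROM_STRANGER` case is the one hoaxes can exploit: anyone can generate a key and produce a signature that verifies, so only the fingerprint comparison ties the warning to the team.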

In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. Checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300 since there is no released version 3 of PKZip. Another useful web site is the "Computer Virus Myths home page" (http://www.kumite.com/myths/) which contains descriptions of several known hoaxes. In most cases, common sense would eliminate Internet hoaxes.
