Internet Hoaxes

The following are Hoaxes as are most of this type of email.... PLEASE read on and learn something so maybe my mailbox won't overflow with this kind of stuff all the time.

Subject:    BAD VIRUS

 Someone is sending out a very cute screensaver of the Budweiser Frogs.  If
you download it, you will lose everything! Your hard drive will crash and
someone from the Internet will get your screen name and password! DO NOT
DOWNLOAD IT UNDER ANY CIRCUMSTANCES! It just went into circulation yesterday,
as far as we know.  Please distribute this message.  This is a new, very
malicious virus and not many people know
 about it. This information was announced yesterday morning from Microsoft.
Please share it with everyone that might access the Internet. Once again,
pass this along to
 EVERYONE in your address book so that this may be stopped. AOL has said that
 this is a very dangerous virus and that there is NO remedy for it at this
time. Please practice cautionary measures and forward this to all your
on-line friends.

 

Reprinted from Internet ScamBusters Issue #15
May 31, 1997

We get *lots* of questions asking us about specific computer viruses... and whether or not they are real threats or merely hoaxes. In fact, just this week we've been asked about five such viruses: AOL4FREE, Deeyenda, PENPAL GREETINGS!, PKZ300, and NaughtyRobot.

We recently found a US government Web site where you can get information on the latest computer virus hoaxes. The Department of Energy Computer Incident Advisory Capability (CIAC -- don't you just love the names?) maintains a very good site where you can find the latest information on Internet computer virus hoaxes at: http://ciac.llnl.gov/ciac/CIACHoaxes.html

The CIAC writes:

"The Internet is constantly being flooded with information about computer viruses and Trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are still time consuming and costly to handle. At CIAC, we find that we are spending much more time debunking hoaxes than handling real virus incidents."

Here's an example: The Deeyenda Virus Hoax

(This is from the CIAC Web site)

The following "Deeyenda" virus warning is a hoax. CIAC has received inquiries regarding the validity of the Deeyenda virus. The warnings are very similar to those for Good Times, stating that the FCC issued a warning about it, and that it is self-activating and can destroy the contents of a machine just by being downloaded. Users should note that the FCC does not and will not issue virus or Trojan warnings. It is not their job to do so. As of this date, there are no known viruses with the name Deeyenda in existence. For a virus to spread, it must be executed. Reading a mail message does not execute the mail message.Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. CIAC still affirms that reading E-mail, using typical mail agents, can not activate malicious code delivered in or with the message.

>>>>>>>>>> Remember: Below is a HOAX <<<<<<<<<<

**********VIRUS ALERT**********

VERY IMPORTANT INFORMATION, PLEASE READ!

There is a computer virus that is being sent across the Internet. If you receive an email message with the subject line "Deeyenda," DO NOT read the message, DELETE it immediately!

Some miscreant is sending email under the title "Deeyenda" nationwide, if you get anything like this DON'T DOWNLOAD THE FILE! It has a virus that rewrites your hard drive, obliterates anything on it. Please be careful and forward this e-mail to anyone you care about.

Please read the message below.

Alex

-----------

FCC WARNING!!!!!
DEEYENDA PLAGUES INTERNET

The Internet community has again been plagued by another computer virus. This message is being spread throughout the Internet, including USENET posting, EMAIL and other Internet activities. The reason for all the attention is because of the nature of this virus and the potential security risk it makes. Instead of a destructive

Trojan virus (like most viruses!), this virus referred to as Deeyenda Maddick, performs a comprehensive search on your computer, looking for valuable information, such as email and login passwords, credit cards, personal info, etc.

The Deeyenda virus also has the capability to stay memory resident while running a host of applications and operation systems, such as Windows 3.11 and Windows 95. What this means to Internet users is that when a login and password are sent to the server, this virus can copy this information and SEND IT OUT TO UNKNOWN ADDRESSES (varies).

The reason for this warning is because the Deeyenda virus is virtually undetectable. Once attacked your computer will be unsecure. Although it can attack any O/S this virus is most likely to attack those users viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet Explorer 3.0+ which are running under Windows 95). Researchers at Princeton University have found this virus on a number of World Wide Web pages and fear its spread. Please pass this on, for we must alert the general public of the security risks.

............................................................................

>>>>>>>>>> Remember: Above is a HOAX <<<<<<<<<<

However, to make things more complicated, sometimes there is an element of truth to some of the computer virus hoaxes. Take, for example, AOL4FREE. Here's the scoop (again from the CIAC Web site).

............................................................................

AOL4FREE

AOL4FREE actually consists of three separate, independent items:

A. The AOL4FREE Macintosh Program for gaining fraudulent accounts on AOL.

B. The AOL4FREE Virus Warning Hoax.

C. The AOL4FREE.COM Trojan horse program that deletes all the files on your hard drive.

A. The AOL4FREE Macintosh Program was originally written to provide illegal free access to America Online. In the March 1997 issue of the CSI Computer Security Alert the following statement was made concerning the creator of that program:

"A former Yale computer science student has pleaded guilty to defrauding America Online. AOL estimates it lost between $40,000 and $70,000 in service charges because the student distributed his computer program, AOL4FREE, to hundreds of other users."

Note that any attempt to use the original AOL4FREE.COM program may subject you to prosecution.

B. The second item is the AOL4FREE Virus Warning Hoax message. The following message has been circulating around the Internet, warning of a virus infected e-mail message:

>>>>>>>>>> Remember: Below is a HOAX <<<<<<<<<<

************************************************

VIRUS ALERT!!! DON'T OPEN E-MAIL NOTING "AOL4FREE"

Anyone who receives this must send it to as many people as you can. It is essential that this problem be reconciled as soon as possible. A few hours ago, I opened an E-mail that had the subject heading of "AOL4FREE.COM." Within seconds of opening it, a window appeared and began to display my files that were being deleted. I immediately shut down my computer, but it was too late. This virus wiped me out. It ate the Anti-Virus Software that comes with the Windows '95 Program along with F-Prot AVS. Neither was able to detect it. Please be careful and send this to as many people as possible, so maybe this new virus can be eliminated.

**********************************************

>>>>>>>>>> Remember: Above is a HOAX <<<<<<<<<<

This message has several problems that identify it as a hoax.

1. A virus-like program cannot spread in an e-mail message. While an infected program could be attached to an e-mail message, the e-mail message itself cannot contain one in any form that could be executed.

2. A virus or Trojan horse program cannot infect a system by simply being read. The current mail readers do not execute an e-mail message, they display it on the screen for you to read. You must take care when downloading an attachment to an e-mail message. In some mail readers you can doubleclick on the attachment icon to have it extracted and opened by whatever program created it. If that attachment is a program, it is downloaded and run, and running any program you have not scanned could cause you to be infected with a virus.

3. While this warning message is a hoax, the things it describes could be accomplished with a Trojan horse program. That Trojan horse could then be attached to an e-mail message and if the reader downloads and executes the Trojan horse program, it could do the damage described in this message. In fact, someone has done that as is explained below.

C. The third item is the AOL4FREE.COM Trojan Horse. This program appears to be the AOL4FREE program that creates fraudulent AOL accounts (though it is a DOS program instead of a Macintosh program) but is actually a simple compiled DOS batch file that runs the DOS DELTREE command on the C:\ directory of a DOS/Windows machine. The DELTREE command deletes all files in a directory, including the directory itself and any subdirectories in that directory. The effect is to delete all files on the C: drive of a DOS/Windows machine. If you should come across this program from any source, do not run it. For more information see CIAC Bulletin H-47a: AOL4FREE.COM Trojan Horse Program Destroys Hard Drives.

CIAC ALWAYS recommends that software downloaded onto a computer from any source (BBS, e-mail attachment, floppy, web) be scanned with anti-virus software prior to being run. Note that most anti-virus software does not detect Trojans, so it is important to know where your software came from before executing it.

First, if you receive a notice about a possible computer virus, check it out at the CIAC Web site. Don't spread it by simply sending it to other people.

Visit http://ciac.llnl.gov/ciac/CIACHoaxes.html We suggest you bookmark this site.

You can also visit another very useful Web site called the "Computer Virus Myths home page" at http://www.kumite.com/myths/ This site contains descriptions of several known hoaxes.

For good information on genuine known computer viruses, check out: http://www.av.ibm.com/InsideTheLab/VirusInfo/