13.4 Removing and Preventing Hoax Viruses

Malicious Mobile Code: Virus Protection for Windows
By Roger A. Grimes
Chapter 13.  Hoax Viruses


Luckily, removal is easy and usually no computer damage is done, although this is not always the case. The Sulfnbk.exe virus hoax was the first hoax virus message successful in getting people to delete legitimate system files. Still, there are steps you can take to quickly lessen a hoax warning's impact and prevent its spread.

13.4.1 Let Others Know It Is a Hoax

If you receive a hoax warning message from a friend, send back a gentle reply letting him know that the message was a hoax and not to forward it along to others. Here's an example template I send hoax forwarders:

Thank you for sending me the "possible" rogue program alert. However, the message you sent was a hoax. The message either contains misleading statements, can't technologically happen, or is untruthful in some other way. It is the hoax author's intent to fool as many people as he can and dupe them into spreading it around the world. In the future, if you are not sure if an email is a hoax message, you can check many sources including:

http://www.cert.org/other_sources/viruses.html

http://www.symantec.com/avcenter/hoax.html

http://www.hoaxkill.com

Please let everyone you sent the hoax message know that it was a hoax message and can be ignored. Don't worry, it happens to us all.

Sincerely,

Mother Grimes

Sometimes I send my boilerplate reply to everyone who was sent the hoax email; other times I just reply to the sender to lessen their embarrassment. Most corporations have a policy against the passing of chain letters or virus warnings by end users. The policy directs end users to forward all emails of these types to a centralized person for inspection. Lastly, if you are suspicious about a particular email, it probably is a fake warning. Trust your gut instinct.

If a hoax message is being sent all around your company and you have easy access to the mail server, it makes sense to kill all the hoax messages at once.

13.4.2 Use ExMerge to Delete All Hoax Messages at Once

If you have an Exchange server, you can use the ExMerge utility described in Chapter 12 to delete all occurrences of the hoax message.

13.4.3 Set Up an Email Filter

Most email clients and servers can be configured to block or delete incoming email based upon source address or a keyword, using a filter or rule macro. I have my email client delete all incoming emails with the word "VIRUS" (in all caps) contained in the text. I've yet to see a legitimate antivirus warning use that word all capitalized.
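The following is an added example, not code from the book: a server-side version of the all-caps "VIRUS" rule described above, written so that it checks the decoded subject and body rather than the raw message. The sample messages, addresses and the function names `triage` and `build` are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Case-sensitive, whole word: "VIRUS" matches; "virus", "Virus", "ANTIVIRUS" do not.
ALLCAPS_VIRUS = re.compile(r"\bVIRUS\b")

def decoded_text(msg):
    """Yield the decoded Subject and every decoded text/* part."""
    yield str(msg.get("Subject", ""))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            yield part.get_content()  # reverses base64/quoted-printable
        except (LookupError, UnicodeError):
            # Unknown charset label: fall back to a byte-preserving decode.
            yield (part.get_payload(decode=True) or b"").decode("latin-1")

def triage(raw: bytes) -> str:
    """Return "delete" if the rule fires, otherwise "deliver"."""
    msg = message_from_bytes(raw, policy=policy.default)
    hit = any(ALLCAPS_VIRUS.search(text) for text in decoded_text(msg))
    return "delete" if hit else "deliver"

def build(subject: str, body: str, cte: str = "7bit") -> bytes:
    """Construct a sample message (test data only, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "me@example.com", subject
    m.set_content(body, cte=cte)
    return m.as_bytes()

# Constructed samples.
PLAIN_HOAX = build("Fwd: URGENT", "A new VIRUS will erase your disk. Forward to all!")
B64_HOAX = build("Fwd: read this", "Delete sulfnbk.exe now, it is a VIRUS!", cte="base64")
VENDOR_NOTE = build("Definitions updated", "Your antivirus found no virus today.")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN_HOAX), ("base64", B64_HOAX), ("vendor", VENDOR_NOTE)]:
        print(name, triage(raw), "| raw grep hit:", b"VIRUS" in raw)
```

The base64 sample shows why the rule has to run on decoded text: a plain string search over the raw message finds nothing there, while the decoded body still triggers the rule.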

Prevention consists of end user education and email filters. Most companies rely purely on educating end users and publishing an email policy that tells employees to run all possible warnings by the email administrator first. To help quell the frequency of hoaxes, it cannot hurt to let innocent hoax spreaders know about hoax warning messages.


Malicious Mobile Code: Virus Protection for Windows (OReilly Computer Security)
ISBN: 156592682X
EAN: 2147483647
Year: 2001
Pages: 176
