13.2 Categories of Hoax Messages

Team-Fly

	Malicious Mobile Code: Virus Protection for Windows By Roger A. Grimes Slots : 1
	Table of Contents
	Chapter 13.  Hoax Viruses

Hoax messages fall into a two major categories, depending on their intent: virus warning or chain letter.

13.2.1 Virus Warning

By far, the most frequent hoax message is one containing a warning about a horrific virus. The virus purportedly arrives either via email or hiding within a file extension. That part sounds reasonable enough. But the warnings go further and say that its infected millions of PCs, destroys PCs, and there is nothing you can do.

13.2.1.1 Good Times virus

The Good Times virus hoax is the most famous and widespread of them all. It's a nice collection of the many tricks hoaxers will use to fool you. If you haven't read this one, let me be the first to introduce you:

Thought you might like to know...

The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the InterNet. Apparently, a new computer virus has been engineered by a user of America Online that is unparalleled in its destructive capability. Other, more well-known viruses such as Stoned, Airwolf, and Michelangelo pale in comparison to the prospects of this newest creation by a warped mentality .

What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing email systems of the InterNet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed . If the program is not stopped , the computer's processor will be placed in an nth-complexity infinite binary loop that can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late.

Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way in a text email message with the subject line reading simply "Good Times".

******************************************

The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute. The program is highly, intelligent -- it will send copies of itself to everyone whose email address is contained in a received-mail file or a sent- mail file, if it can find one. It will then proceed to trash the computer it is running on. The bottom line here is -- if you receive a file with the subject line "Good Times," delete it immediately! Do not read it! Rest assured that whoever's name was on the "From:" line was surely struck by the virus.

Warn your friends and local system users of this newest threat to the InterNet! It could save them a lot of time and money.

******************************************

Avoiding infection is easy. If you receive a message with the topic "GOOD TIMES", DO NOT READ IT, ERASE IT IMMEDIATELY. This report is not confirmed but has circulated extensively in Colorado. Look out for it!

******************************************

Virus hoaxes often interlace real product and company names to provide shades of legitimacy . From the Wobbler virus hoax:

Thought you might be interested in this message. If you receive an email with a file called "California" do not open the file. The file contains the "WOBBLER" virus. This information was announced yesterday morning by IBM.

This is a very dangerous virus, much worse than "Melissa" and there is NO remedy for it at this time. Some very sick individual has succeeded in using the reformat function from Norton Utilities causing it to completely erase all documents on the hard drive. It destroys Macintosh and IBM compatible computers. This is a new, very malicious virus and not many people know about it at this time. Please pass this warning to everyone in your address book and share it with all your online friends ASAP so that the destruction it can cause may be minimized.

"Destroys" isn't a very specific term . A reliable alert would indicate exactly what gets done, and how. It was announced by IBM, and yet no one knows about it? A real warning would have included a specific link to IBM's web site.

Some hoaxes use technology and acronyms to dupe people. This is from the Mobile Phone Virus hoax:

Dear all mobile phone's owners ,

ATTENTION!!! NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM. All mobile phone in DIGITAL systems can be infected by this virus. If you receive a phone call and your phone display "UNAVAILABLE" on the screen (for most of digital mobile phones with a function to display incoming call telephone number), DON'T ANSWER THE CALL. END THE CALL IMMEDIATELY!!! BECAUSE IF YOU ANSWER THE CALL, YOUR PHONE WILL BE INFECTED BY THIS VIRUS. This virus will erase all IMIE and IMSI information from both your phone and your SIM card that will make your phone unable to connect with the telephone network. You will have to buy a new phone.

This information has been confirmed by both Motorola and Nokia. For more information, please visit Motorola or Nokia web sites: http://www.mot.com or http://www.nokia.com. There are over 3 million mobile phones being infected by this virus in USA now. You can also check this news in CNN web site: http://www.cnn.com. Please forward this information to all your friends who have digital mobile phones.

Lots of official sounding jargon, capitalized words, and exclamation points. But the links don't point to any specific information. And three million phones have been hit, yet, you don't know about it? The next example was taken from the Get More Money hoax:

PLEASE PASS THIS ON TO YOUR FRIENDS AND COLLEAGUES! MICROSOFT VIRUS ALERT!!! If you receive an email with the title "GET MORE MONEY", DO NOT OPEN IT UNDER ANY CIRCUMSTANCES!

This email will delete all the data on your hard disk. It contains a new and very nasty virus that not many people know of at the moment. This information was released last week by Microsoft, please pass it on to every email-user in your address book in order to stop the virus as quickly as possible.

DO NOT OPEN any emails that have been "RETURNED OR UNABLE TO DELIVER" either, because this virus will affect your internet hardware such as modems, PC-cards etc. DELETE all emails with this title AT ONCE! AOL confirms that this is a very dangerous virus for which there is no antivirus software available at the moment. PLEASE PASS THIS INFORMATION ON AS QUICKLY AS POSSIBLE!!!

Hopefully, you can see the common theme of trying to panic the reader. The next type of hoax message doesn't claim to be warning about a virus attack, but wants you to send it to everyone you know, just the same.

13.2.2 Chain Letters

Chain letter emails include all the other types of hoax emails that don't warn of a virus attack. They include sympathy requests , false giveaways, threats, scams, fake news reports , and urban myths.

13.2.2.1 Sympathy requests

Some try to pull at people's heart strings. Everyone has heard of the email asking for everyone to send the little boy stricken with cancer a get-well card. It was true; there was a little boy with cancer requesting get-well cards, but he was sick well before the Internet came along. He has long been an adult, graduated from college (with the cancer in remission), and his parents have long ago stopped trying to block the avalanche of cards they still receive each day. They now, along with a few friends, collect the postmarked stamps from the cards and give them to interested organizations.

Another hoax message I received the other day related the story of a kidnapped little girl. It included her picture and asked anyone seeing her to call the authorities. I checked this one out on a hoax-busting web site. The girl was missing for a few hours and found at a friend's house -- years ago. The hoax message was not sent till days after the girl was found. It contains a few facts that could only have been known after the girl was discovered , so whoever originally made the hoax, knew the girl was located before the email plea was sent. This was one of several such hoaxes.

13.2.2.2 Fake news reports

Many chain letters claim to be warning the reader of some new bizarre act that is sweeping the nation. There have been no legitimate reports of anyone waking up in a bathtub full of ice after drinking in a bar and missing their kidney. Hypodermic needles are not waiting in children's plastic ball pits. Gang members are not told to kill people who flash their headlights at night as part of initiations. AIDS needles are not being left in mailboxes or gas pump handles. And LSD and poison are not being rubbed on public phones and soda machines.

There are other chain-letter hoaxes circulating the Net. One talks about how some poor sucker was unknowingly charged $100 by an upscale department store for a chocolate cookie recipe. The letter "releases" the cookie recipe in an attempt to let the department store's "secret recipe" out. The department store has responded that the story has no validity and I can back up their claims by pointing to the fact that no store would ever sell an item at an even dollar amount. I hear the cookie recipe is not so great either.

13.2.2.3 Giveaways

My friends get letters all the time saying that Bill Gates and Disney are offering either $1000 or a free trip to the first 10,000 people who send an email to a particular Disney address. Supposedly, Disney or Microsoft wants to test out a new marketing concept. First, Bill Gates doesn't give out money, he takes it. Secondly, Disney's the number one tourist attraction in the world. They don't need to do test marketing. They've got it down. I get many emails claiming I can make money fast! You can be reassured that the only ones hoping to make money fast are the ones who created the email.

Another popular email chain letter says that if enough people send email to a particular company's email address, then the sender can rack up points and win prizes, clothing, or free memberships. The Gap Jeans hoax is among those types. If you send the chain letter to eight other friends, you will earn a free pair of jeans from the Gap clothing franchise. Word to the wise, don't pass them along if you want to keep friends.

13.2.2.4 Threats

Lastly, some chain emails are just electronic versions of their mail counterparts that have circulated the globe for decades. The letter claims to be from somebody who cares about you, but then either promises good luck if you follow its instructions, or bad luck if you don't. You are instructed to send the same email to a certain number of people. And some superstitious people do. It as if some people believe that sending or not sending a particular fake email can actually impact their lives.

Hopefully these examples will make you skeptical if a virus warnings or chain-letter message appears in your email inbox.