Jerry Bryan immediately knew there was something wrong at his church. He knew it the second he opened up the email from the pastor. As a highly respected member of his church and a known technophile, Jerry was often consulted by the pastor concerning technical matters. In this case, however, the pastor was passing along a serious warning.

A secretary at his church had received an email from a friend that scared her:

I have some bad news. I was just informed that my address book has been infected with a virus. As a result, so has yours because your address is in my book. The virus is called jdbgmgr.exe. It cannot be detected by Norton or McAfee anti-virus programs. It sits quietly for about 14 days before damaging the system. It is sent automatically by messenger and address book, whether or not you send email. The good news is that it is easy to get rid of!

Just follow these simple steps and you should have no problem.

  1. Go to Start, then Find or Search
  2. In files/folders, write the name jdbgmgr.exe
  3. Be sure to search in you “C” drive
  4. Click Find or Search
  5. The virus has a teddy bear logo with the name jdbgmgr.exe – DO NOT OPEN!!
  6. RIGHT click and delete it
  7. Go to the recycle bin and delete it there also

IF YOU FIND THE VIRUS, YOU MUST CONTACT EVERYONE IN YOUR ADDRESS BOOK
Sorry for the trouble, but this is something I had no control over. I received it from someone else’s address book.

After receiving the email, the secretary looked, and sure enough, jdbgmgr.exe was sitting on her hard drive! She had a virus! She put in a call for the church’s tech people and then began to check other computers in the building. They all had the virus! jdbgmgr.exe was everywhere! A mass program of cleansing was about to begin, but Jerry got back to the pastor just in time with some good news. The church was not the victim of a virus. It was the victim of a hoax: the jdbgmgr.exe virus hoax.

After arising among Spanish-speaking Net users in early April 2002, the hoax quickly spread to English-speakers by mid-April. No one knows how many people fell for it, but it continues to this day, as the story above proves. Unfortunately, when people delete jdbgmgr.exe, they are not deleting a malicious virus; instead, they are deleting a system file placed on their computer by Microsoft.

Microsoft explains in its Knowledge Base article that jdbgmgr.exe is the “Microsoft Debugger Registrar for Java”. Fortunately, if you delete the file, you’re not really affected unless you use Microsoft Visual J++ 1.1 to develop programs written in the Java programming language. If you are such a developer, then you need to follow the instructions Microsoft gives on its Web page.

A Brief History of Hoaxes

The jdbgmgr.exe virus hoax is by no means an isolated incident. Indeed, there has been a rash of virus hoaxes in recent years. For instance, there was the “Budweiser Frogs screensaver” hoax in 1997. This email warned folks that a “creepoid scam-artist” was sending “a very desirable screen-saver (the Bud frogs)” that would, if downloaded, cause you to “lose everything!!!!”, while at the same time, “someone from the Internet will get your screen name and password!”. Of course, nothing of the sort would occur if you loaded the screensaver. Granted, you might find yourself thinking about enjoying a cold one, but you certainly wouldn’t find your computer affected. The logical impossibility of hard drive failure at the same time your username and password are not only saved but sent to “someone from the Internet” never seemed to cross the minds of this hoax’s victims.

Another hoax that frightened people was the so-called ” Virtual Card for You” virus of 2000. Victims were warned, via email, that a “new virus has just been discovered that has been classified by Microsoft (www.microsoft.com) and by McAfee (www.mcafee.com) as the most destructive ever!”. Details continued:

This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title “A Virtual Card for You”.

As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk.

Please distribute this message to the greatest number of people possible. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN (www.cnn.com).

There was no truth to the statements in this email. There was no virus, CNN didn’t broadcast a warning, and there was certainly no panic in New York (Like a little computer virus would panic New Yorkers! It takes something serious to get New Yorkers to panic — like a shortage of cream cheese at Zabar’s, or a gigantic gorilla on top of the Empire State Building.). Nonetheless, thousands of people fell for it, and the email continues to make the rounds.

Although virus hoaxes have been circulating since 1988, the granddaddy of them all is the supposed Good Times virus, the first really successful virus hoax. It started life on AOL in 1994, and it still pops up today. Its descendants are legion, as many other virus hoaxes have copied some aspect of Good Times. In that sense, it can be said to be the most influential virus hoax of all. The virus read as follows:

Some miscreant is sending email under the title “Good Times” nationwide, if you get anything like this, DON’T DOWN LOAD THE FILE!

It has a virus that rewrites your hard drive, obliterating anything on it. Please be careful and forward this mail to anyone you care about. The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the Internet. Apparently a new computer virus has been engineered by a user of AMERICA ON LINE that is unparalleled in its destructive capability. … What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing email systems of the Internet.

Once a Computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer’s processor will be placed in an nth-complexity infinite binary loop – which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the “Good Times” virus. It always travels to new computers the same way in a text email message with the subject line reading “Good Times”. Avoiding infection is easy once the file has been received simply by NOT READING IT! The act of loading the file into the mail server’s ASCII buffer causes the “Good Times” mainline program to initialize and execute.

The program is highly intelligent – it will send copies of itself to everyone whose email address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on.

The bottom line is: – if you receive a file with the subject line “Good Times”, delete it immediately! Do not read it. Rest assured that whoever’s name was on the “From” line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.

********IMPORTANT******* PLEASE SEND TO PEOPLE YOU CARE ABOUT OR JUST PEOPLE ONLINE

As with the other hoaxes we have looked at, this “warning” was full of lies and misconceptions. There is no way that simply viewing a plain-text email could infect someone’s machine with a virus (unfortunately, the same is not true for folks that use Outlook to view HTML-formatted email, as my SecurityFocus articles on Outlook security discussed). It used fancy-sounding “techie” words that sound impressive to non-technical people, but actually mean nothing at all, like the “nth-complexity infinite binary loop”, whatever that is. And finally, do you really think that a user of America OnLine could create anything like a virus this technically complex?

The Good Times hoax was fairly ironic. Often, system administrators would get the email and immediately forward it to everyone in their companies, warning employees not to open any email with “Good Times” in the subject. Of course, the email warning people not to open any email with “Good Times” in the subject HAD the words “Good Times” in the subject! This didn’t damage any computers, but it did produce severe cases of cognitive dissonance in irony-impaired workers all across America.

There’s One Born Every Minute – Or is There?

So why do people fall for these hoaxes? A lot of it goes back to the noble desire to help others. Who wouldn’t want to warn others about a disaster? And it’s so easy to send the warning to hundreds of people at one time: with just a click, you’ve saved your friends from a virus!

Another consideration is the uncertainty that people feel in dealing with computers. Look at the jdbgmgr.exe hoax, which is actually quite ingenious in its fashion. By asking users to confirm that the file is on their computer, it makes people feel like they are participating in their own computer security. Most computer users typically can’t “see” a virus, just the aftermath. This, coupled with the anxiety many people feel about their computers — these large, complicated machines that they really don’t understand — leads to a feeling of certainty when the jdbgmgr.exe file is found on their machines. “Aha!” they think, “Caught one! And there’s the proof — right in front of my eyes!”

It’s funny, but most people would never fall for such a trick in real life. Let’s say I walked up to the same people that fell for the jdbgmgr.exe trick and said, “There are terrorists in this neighborhood. If you see a man in a black hat, call the police, because he’s a terrorist!” Minutes later, a man in a black hat walks by. Would these people call the police? Probably not. They would use their common-sense, their experience of the normal everyday rhythms of life, to judge whether or not someone is a threat.

Computers, however, are the equivalent of a foreign country for many people. When someone is in a country with which they are not familiar, perhaps feeling anxiety because they don’t understand the language (“nth-complexity infinite binary loop”, anyone?), they are more likely to grab onto signposts that will help them. In such a situation, they might be far more likely to fall for my false warning about terrorists.

And if the warning came not from a stranger, but from a friend or acquaintance, as happened when jdbgmgr.exe warnings arrived in email inboxes, then the likelihood of falling victim to a hoax skyrockets. After all, in a foreign country, isn’t the sight of a fellow countryperson always welcome?

Another reason people fall for hoaxes is because they know that anti-virus programs, unfortunately, do not always work. Many viruses spread so quickly that they overwhelm users before anti-virus vendors can update their software. The “Melissa” and “I love you” viruses are good examples of this phenomena. So when users “see” — or think they see, a la jdbgmgr.exe — evidence of the “virus” on their computers, but their anti-virus software says there is no virus, many users are going to believe their eyes and not their software.

Even worse, many users pay no attention to the neccessity of updating their anti-virus software. I have seen office computers with anti-virus databases that are years out of date. When I ask these users why they haven’t updated their software, they typically respond with a blank stare and a plaintive but accurate excuse: “I didn’t know I needed to do that.”

Not Just Harmless Fun – The Real Dangers of Hoaxes

Virus hoaxes are not real viruses, by definition, but that doesn’t mean they don’t have negative effects. In fact, virus hoaxes can be quite damaging in a number of different ways.

First, it is quite possible that a hoax may end up damaging your computer. The email itself won’t have caused the damage. Instead, the email will have convinced you to damage your own computer, as my story about the the jdbgmgr.exe email demonstrates. The folks in Jerry Bryan’s church were ready to remove files from their computer that they in fact did not need to remove. They were fortunate that they really didn’t need the file in question, but what about next time? What if the hoax author had more malicious intentions and had instructed gullible recipients to remove a key system file or directory?

Second, a virus hoax results in a waste of resources. The victim wastes valuable time dealing with garbage, and time, after all, is money. People sending the message to friends, family, and colleagues waste bandwidth on the Internet and mail servers. Since these emails usually arrive chock-full of email addresses in the “To” and “CC” fields, spammers treat such warnings as a free gift full of new, valid email addresses they can exploit, further compounding the problem of wasted resources. So remember: if you forward that virus warning, you’ve just multiplied all of the losses above to include everyone else in your address book.

A virus hoax can damage your reputation, or at least make you the butt of jokes. When I receive an email from an acquaintance warning me about jdbgmgr.exe and its dangers, I just shake my head and think “Newbie!” … before I help them. If you forward that email along to 100 folks thinking you’ve done your duty, you’re going to feel pretty sheepish having to send another email letting them know you just made a foolish mistake — and a mistake that could have been prevented with just a little bit of checking on your part first.

Finally, virus hoaxes can have a corrosive effect on security. How? Consider the story of the boy who cried wolf. Similarly, virus hoaxes can undermine the attention that end users pay to rigorous security measures. As a result, users may fall into lax security habits, underestimating the dangers of real viruses because of the frequency of false alarms represented by hoaxes.

How to Spot a Virus

There are definite signs that indicate when a virus warning is in fact a hoax. With common sense and a healthy dose of skepticism, you can help make the Internet a better place by helping stop hoaxes before they spread.

First, don’t fall for a warning just because it “sounds” technical. As we have seen above (remember our friend the “nth-complexity infinite binary loop”?), technical-sounding language means nothing. In fact, most real virus warnings from real organizations don’t use a lot of technical language. They try to explain the problem and the solution in language that is simple and direct.

Just because the email came from your friend the computer nerd doesn’t mean it’s correct. Even if he works at Microsoft. And just because the email claims to be reporting the words of the FCC, or the FBI, or a respected anti-virus vendor, or some other government agency or company doesn’t make it more likely to be true. Search the Web sites of the organizations that are mentioned in the email before believing what you read. Further, do a Google search on the virus name: that may produce immediate results indicating whether the virus is real or a hoax.

If the email has a lot of exclamation points or words or phrases written in CAPITAL LETTERS, it is more than likely false. Real security alerts from reputable organizations don’t use such techniques. However, the creators of virus hoaxes do use such techniques, because they know that people are influenced by their emotions. If the email pushes emotional buttons, but doesn’t offer much in the way of verifiable fact, it’s a hoax.

The worse the virus sounds, the less likely its existence. Sure, some viruses do destructive things, but most do not. And the effects attributed to viruses in hoax emails are usually nothing short of apocalyptic: erased hard drives, destroyed systems, and panic in the streets. Be especially suspicious anytime a virus is described using a superlative, as in “most destructive”, “worst ever”, and so on.

Finally, if the “warning” says to pass it along to everyone you know, it is without doubt a fake. In effect, if you pass along warnings, then YOU become the means by which the virus hoax propagates. Real virus warnings never encourage you to forward them; instead, they direct you to a Web site for further information. Break the chain! Don’t forward emails warning about viruses!

But what if you do get an email that seems real? Don’t panic. And don’t forward it to everyone on God’s green earth. Check it out first. Ask the technical department at your company. If they’re not available, there are some excellent resources on the Web that can help you verify the truth of a virus warning.

The major anti-virus vendors all have pages about hoaxes. In particular, Symantec, makers of Norton Anti-Virus, and McAfee have in-depth and timely information that can help you sort truth from fiction. Two outstanding sites that cover these hoaxes in depth are at Vmyths.com: Hoaxes A-Z and Snopes.com. Finally, I have a page on my Web site that gathers together these and other resources.

A Last Desparate Warning

In conclusion, I have some bad news. I need to warn my readers about a terrible new virus that’s going around. Seriously! This one is real, and I urge you to watch for it and take the appropriate measures. I received the following dire warning in an email today that I must pass along to you, so you can protect yourself. Forward it to all your friends, so we can all help stop this hideous scourge before it brings the world to its knees!

If you receive an Email with the subject line “Badtimes” delete it IMMEDIATELY, WITHOUT READING it. This is the most dangerous Email virus yet.

Not only will it completely rewrite your hard drive, but it will scramble any disks that are even close to your computer. It also demagnetises the strips on your credit cards. It reprograms your ATM access code, screws up the tracking on your VCR and uses subspace field harmonics to scratch any CD’s you try to play. It will recalibrate your refrigerator’s coolness settings so all your ice cream melts and your milk curdles. It will give your ex-boy/girlfriend your new phone number. This virus will mix antifreeze into your fish tank. It will drink all your beer. It will even leave dirty socks on the coffee table when you are expecting company.

It will hide your car keys when you are late for work and interfere with your car radio reception so you hear only static while stuck in traffic. When executed “Badtimes” will give you nightmares about circus midgets. It will replace your shampoo with Nair and deodorant with Surface Spray. It will give you Dutch Elm Disease and Tinea. If the “Badtimes” message is opened in a Windows95 environment, it will leave the toilet seat up and leave your hairdryer plugged in dangerously close to a full bathtub.

It will not only remove the forbidden tags from your mattresses and pillows, but it will refill your skim milk with whole milk. It has been known to disregard ‘Open This End’ labels and can make you ‘Push’ a door that says ‘Pull’ and vice versa. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve. These are just a few signs.

You have been warned!

by Scott Granneman