What is a Virus/E-Mail Hoax?

Have you ever received an e-mail message that includes something like the following:

  •  A warning of a new virus that you should send on to everyone you know.
  • A warning of a scam that you should send on to everyone you know.
  • A petition to help the needy or some cause that wants you to forward it on to those who might be interested.
  • A get-rich-quick scheme that claims if you forward on the message you’ll receive money for each time it’s forwarded.
  • A claim that for each email sent someone in need will be helped by another organization.
  • A warning of a new virus or a scam that was sent out apparently by an organisation that is perceived as being legitimate and informed – like the South African Police.

These 6 scenarios account for almost all the virus and e-mail hoaxes you will see, and in almost all cases anything that follows any of these guidelines is a hoax, false, or an outdated petition that is just “floating” around the Internet. Before you consider forwarding any email that asks you to forward it to anyone else you should be able to do the following:

  •  Check the original date the message was created and sent.
  • Check the original sender of the message.
  • Check how many times the mail has been forwarded (Several FWD: Or Forwarded: in the subject line will be a clue)
  • Check any quotes made by any organizations mentioned with specific URL’s (web addresses) that backup the claims made in the message.
  • If the e-mail is for a cause, check the date of any action mentioned and/or the specific piece of legislation that is mentioned.

In general it is considered very bad manners  to forward a message on to a large number of people.

Why these Hoaxes Cause Problems?

Imagine if someone receives a message that tells them to forward it on to “everyone they know.” If  this person forwards the message on to 100 people, (which is not uncommon) and just a few people forward this message onto to another large group, the message will be duplicated thousands of times in a short period of time, often just hours.

A few thousand extra e-mails result in a bunch of wasted disk space, clogging of network bandwidth, and most importantly the complete waste of time for many professionals and, possibly, your friends all over the world. This simple e-mail hoax may cost thousands of dollars in wasted time by everyone involved. Consider the man hours wasted in dealing with these hoaxes and what is costing the organisation.

Furthermore the organisation is employing people to do a job and if these employees waste time sending out mail instead of doing their work, they are essentially robbing the organisation

What is equally disconcerting is that there might be a message that is true, or contains some important information, that is ignored because most of the previous e-mail have been hoaxes. (The old fairy tale of “The boy who cried wolf” is a good example)

 How to Tell if a Message is a Hoax?

Below is a message about a supposed screen saver that will wipe out your hard drive and “steal your password.” You can read about this virus hoax at http://www.symantec.com/avcenter/venc/data/buddylst.zip.html

Read after the message for some tips on how you can tell this is obviously a hoax.

 Subject: [Fwd: Beware of the Budweiser virus–really!]

 This information came from Microsoft yesterday morning. Please pass it on to anyone you know who has access to the Internet. You may receive an apparently harmless Budweiser Screensaver, If you do, DO NOT OPEN IT UNDER ANY CIRCUMSTANCES, but delete it immediately. Once opened, you will lose EVERYTHING on your PC. Your hard disk will be completely destroyed and the person who sent you the message will have access to your name and password via the Internet.

 As far as we know, the virus was circulated yesterday morning. It’s a new virus, and extremely dangerous. Please copy this information and e-mail it to everyone in your address book. We need to do all we can to block his virus. AOL has confirmed how dangerous it is, and there is no Antivirus program as yet which is capable of destroying it.

Please take all the necessary precautions, and pass this information on to your friends, acquaintances and work colleagues.

End of message.

EMAILCHIEF

 First, take look at the following text:

“This information came from Microsoft yesterday morning.”

The words “yesterday morning” are quite a clue. When was yesterday morning? Obviously not yesterday. What about Microsoft? If they are making some sort of announcement where is the web site address with this announcement? Why would Microsoft make an announcement about some random virus that has nothing to do with their company?

Please pass it on to anyone you know who has access to the Internet.

Anything that asks you to “pass it on to anyone you know who has access to the Internet” is a big flag. Any official group (Microsoft, AOL, etc.) are the last ones to ask you to forward e-mail to everyone you know. This goes against standard Internet policies and good etiquette. It just clogs up disks, networks and wastes everyone’s time.

“AOL has confirmed how dangerous it is…”

If AOL had confirmed anything they would certainly have a URL with this statement. Furthermore, what does AOL have to do with this? Finally, AOL is not an official virus reporting agency. You want to see things like CERT, Symantec (they make Norton AntiVirus), McAfee, F-PROT (they make F-PROT F-Secure), etc.

The following statement is a big sign:

“…and there is no Antivirus program as yet which is capable of destroying it.”

By the time the message gets to anyone, if the virus was for real, all the major antivirus programs would already have a check for this. Generally it takes just one or two days for a big company like Symantec, McAfee, or F-PROT to come up with a check for such a virus.

Finally, we have this:

“…the person who sent you the message will have access to your name and password via the Internet.”

What password? What do they mean by “via the Internet”? If you do store any of your passwords on your machine (e.g. dialup, in Eudora, etc.) it’s encrypted. Furthermore, suppose it’s some super virus and it can decrypt your passwords in certain circumstances, then what? Is it going to mail the password back to its creator? Now the South African Police can track them down easily and arrest them? None of this makes much sense. Many e-mail hoaxes make ridiculous statements such as this.

Where to Check if a Message is a Hoax

Before you consider forwarding a message about a “virus” or a petition, always check your sources, just because your elderly mother sent it from her computer, or the e-mail has a South African Police or SARS logo on it, doesn’t necessarily tell you that it is legitimate or true. Sometime a simple Google search with key terms will immediately give you an answer, often within a couple of seconds.

To check if a message is a hoax you can try out the following sites:

Snopes Urban Legends Reference Pages

http://www.snopes.com/

Symantec’s AntiVirus Research Center Virus Hoax Page

http://www.symantec.com/avcenter/hoax.html