How can I tell if the virus warning I’ve just received through e-mail is real or not?

Posted on January 8, 2009 by Daniel Petri in Security

Say “No” to Hoaxes

As much good stuff as there is on the Internet, unfortunately there is even more bad stuff such as spam, virii, scams, porn, crackers, etc. Hoaxes are another of the annoying things found in abundance online.

What is a Hoax?

A hoax is usually an e-mail you receive with a supposedly very important message, urging you to pass this info on to as many people as possible to make them aware of this info. However, the message is bogus and passing it on will accomplish nothing else but create unnecessary junk e-mail messages, very similar to chain letters. The only purpose of hoaxes is to waste your time and make you help generate junk Internet traffic.

Hoaxes are essentially another type of virus. Think about the similarities:

  • A virus is a malicious piece of code camouflaged as a harmless program or file – a hoax is a bogus message camouflaged as a true story, important message, etc.
  • A virus spreads over the Internet via e-mail – so does a hoax.
  • A virus interrupts productivity by screwing with your computer – a hoax interrupts productivity by making you waste time reading it and forwarding it, as well as bogging down e-mail servers around the globe.

How does a hoax work?

Here’s the big difference between a virus and a hoax. A lot of virii are malicious programs that spread themselves in secret by e-mailing themselves to some or all people in your address book without you even noticing. But a hoax is not a program or script and therefore cannot replicate and spread itself. It has to be a lot trickier. The secret is that a hoax has to be convincing enough to make you believe it’s true so that you spread the hoax yourself! This means a hoax not only wastes your time by making you read it, it also tries to manipulate you and make you do something against your will – spread the hoax and waste other people’s time as well!

How to identify a hoax

Any e-mail that asks you to forward it to as many people as possible is a hoax – period. I’ve yet to see a single e-mail that asked to be forwarded and was legit. Any time you see a request to spread an e-mail – don’t! Assume it’s a hoax, don’t bother reading on, just delete it and put an end to it.

Also, a hoax will have some combination of the following factors (but not necessarily all of them):

  • It’s a warning message about a virus (or occasionally a Trojan) spreading on the Internet.

Example:

Here is some important information. Beware of a file called Goodtimes. Happy Chanukah everyone, and be careful out there. There is a virus on America Online being sent by E-Mail. If you get anything called “Good Times”, DON’T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot.

  • It’s usually from an individual, occasionally from a company, but never from the cited source.

Example:

Someone got an e-mail, titled as JOIN THE CREW. It has erased his hard drive. Do not open up any mail that has this title. It will erase your whole hard drive. This is a new e-mail virus and not a lot of people know about it, just let everyone know, so they won’t be a victim.”

  • It warns you not to read or download the supposed virus, and preaches salvation by deletion.

Example:

There is a computer virus that is being sent across the Internet. If you receive an e-mail message with the subject line “Deeyenda”, DO NOT read the message, DELETE it immediately! Some miscreant is sending e-mail under the title “Deeyenda” nationwide, if you get anything like this DON’T DOWNLOAD THE FILE! It has a virus that rewrites your hard drive, obliterates anything on it. Please be careful and forward this e-mail to anyone you care about.”

  • It describes the virus as having horrific destructive powers and often the ability to send itself by e-mail.

Example:

A deadly new computer virus that actually causes home computers to explode in a hellish blast of glass fragments and flame has injured at least 47 people since August 15, horrifying authorities who say millions of people are risking injury, blindness or death every time they sit down to work at their PC!”

  • It usually has lots of words in all caps and loads of exclamation marks.

Example:

THERE IS A VIRUS GOING AROUND CALLED THE A.I.D.S VIRUS. IT WILL ATTACH ITSELF INSIDE YOUR COMPUTER AND EAT AWAY AT YOUR MEMORY THIS MEMORY IS IRREPLACEABLE. THEN WHEN IT’S FINISHED WITH MEMORY IT INFECTS YOUR MOUSE OR POINTING DEVICE. THEN IT GOES TO YOUR KEY BOARD AND THE LETTERS YOU TYPE WILL NOT REGISTER ON SCREEN. BEFORE IT SELF TERMINATES IT EATS 5MB OF HARD DRIVE SPACE AND WILL DELETE ALL PROGRAMS ON IT AND IT CAN SHUT DOWN ANY 8 BIT TO 16 BIT SOUND CARDS RENDERING YOUR SPEAKERS USELESS. IT WILL COME IN E-MAIL CALLED “OPEN: VERY COOL! :) DELETE IT RIGHT AWAY. THIS VIRUS WILL BASICLY RENDER YOUR COMPUTER USELESS. YOU MUST PASS THIS ON QUICKLY AND TO AS MANY PEOPLE AS POSSLE!!!!! YOU MUST!”

  • It urges you to alert everyone you know, and usually tells you this more than once.

Example:

If you receive an e-mail titled “It Takes Guts to Say ‘Jesus’ DO NOT OPEN IT. It will erase everything on your hard drive. This information was announced yesterday morning from IBM; AOL states that this is a very dangerous virus, much worse than “Melissa”, and that there is NO remedy for it at this time. Some very sick individual has succeeded in using the re-format function from Norton Utilities causing it to completely erase all documents on the hard drive. It has been designed to work with Netscape Navigator and Microsoft Internet Explorer. It destroys Macintosh and IBM compatible computers. This is a new, very malicious virus and not many people know about it. Pass this warning along to EVERYONE in your address book and please share it with all your online friends ASAP so that this threat may be stopped. Please practice cautionary measures and tell anyone that may have access to your computer. Forward this warning to everyone that might access the internet.”

  • It seeks credibility by citing some authoritative source as issuing the warning. Usually the source says the virus is “bad” or has them “worried.”

Example:

If you receive an e-mail titled “WIN A HOLIDAY” DO NOT open it. It will erase everything on your hard drive. Forward this letter out as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from Microsoft; please share it with everyone that might access the Internet. Once again, pass this along to EVERYONE in our address book so that this may be stopped. Also, do not open or even look at any mail that says “RETURNED OR UNABLE TO DELIVER” This virus will attach itself to your computer components and render them useless. Immediately delete any mail items that say this. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time. Please practice cautionary measures and forward this to all your online friends ASAP.”

  • It seeks credibility by describing the virus in specious technical jargon.

Example:

“A new virus has just been discovered that has been classified by Microsoft (www.microsoft.com) and by McAfee (www.mcafee.com) as the most destructive ever! This virus was discovered yesterday afternoon by McAfee and no vaccine has yet been developed. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored. This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title “A Virtual Card for You”. As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN (www.cnn.com). This alert was received by an employee of Microsoft itself. So don’t open any mails with subject “A Virtual Card for You”. As soon as you get the mail, delete it. Please pass on this mail to all your friends. Forward this to everyone in your address book. I would rather receive this 25 times than not at all. Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an e-mail called “An Internet Flower For You”, do not open it. Delete it right away! This virus removes all dynamic link libraries(.dll files) from your computer. Your computer will not be able to boot up. SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!”

Every hoax only works if it can convince you that it is legit. They usually do that by claiming that this message comes from some type of authority, some well-known or at least very legitimate sounding organization. Yet the message is being forwarded to you from a friend who got it from a friend who got it from a friend…

If the message was not sent to you directly from said authority, be suspicious, assume it’s bogus until you have verified its authenticity by, for example, visiting said authority’s web site to see if it’s mentioned there. If it’s so important, they would post it, don’t you think?

A hoax spreads by being forwarded. When you forward an e-mail message, most e-mail clients insert the original message with a bracket (>) in front of each line. If you see a message with tons of those brackets, it’s usually a chain letter-type hoax.
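
The indicators described above can be expressed as a small Python check; this is an added example, not code from the original article. The phrase list, thresholds and function names are assumptions chosen for illustration, and the sample message is constructed from hoax text quoted on this page.

```python
import re

# Authority names are the ones cited in the hoax samples quoted in the article.
AUTHORITIES = ("microsoft", "ibm", "aol", "mcafee", "intel", "cnn")
# Forwarding phrases are assumptions modelled on the same samples.
FORWARD_RE = re.compile(
    r"forward (this|it)|pass (on )?this|send this to|"
    r"let every(one|body) know|everyone in (your|our) address book", re.I)

# Constructed sample: hoax wording from the article, forwarded three times.
SAMPLE_HOAX = (
    ">>> If you receive an e-mail titled WIN A HOLIDAY DO NOT open it.\n"
    ">>> It will erase everything on your hard drive.\n"
    ">>> This information was announced yesterday morning from Microsoft.\n"
    ">>> This is a new, very malicious virus. Pass this along to EVERYONE!!!\n"
)
SAMPLE_NORMAL = "Hi Dana, the patch notes for Tuesday are attached. See you at 10.\n"

def quote_depth(line):
    """Count leading '>' forwarding markers on one line ('> > >' counts 3)."""
    return re.match(r"[>\s]*", line).group(0).count(">")

def hoax_indicators(message):
    """Return the names of the article's indicators that appear in message."""
    lines = message.splitlines()
    body = "\n".join(re.sub(r"^[>\s]+", "", l) for l in lines)
    words = re.findall(r"[A-Za-z]{3,}", body)
    found = set()
    if FORWARD_RE.search(body):
        found.add("asks_to_forward")
    if words and sum(w.isupper() for w in words) / len(words) > 0.3:
        found.add("all_caps")
    if re.search(r"!{2,}", body) or body.count("!") >= 3:
        found.add("exclamation_marks")
    if re.search(r"\b(virus|trojan)\b", body, re.I) and re.search(
            r"\b(erase|destroy|delete|wipe)\w*", body, re.I):
        found.add("destructive_virus_claim")
    if any(re.search(rf"\b{a}\b", body, re.I) for a in AUTHORITIES):
        found.add("cites_authority")
    if max((quote_depth(l) for l in lines), default=0) >= 3:
        found.add("many_forward_markers")
    return found

def is_probable_hoax(message):
    """A forward request alone is enough; otherwise require three indicators."""
    hits = hoax_indicators(message)
    return "asks_to_forward" in hits or len(hits) >= 3

if __name__ == "__main__":
    print(sorted(hoax_indicators(SAMPLE_HOAX)), is_probable_hoax(SAMPLE_NORMAL))
```

A message that only names a vendor and a destructive virus scores two indicators and is not flagged, which matches the advice to verify such warnings against the vendor's own site rather than discard them outright.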

The topic of a hoax usually falls into one of the following categories:

  • A virus warning – it describes some horrible new virus that spreads like wildfire and does horrible things to computers. You can easily verify these by first visiting the web site of a reputable virus software manufacturer; they maintain searchable databases where you can look up every virus known to mankind.
  • A scam – it asks you to send something back, whether it’s money, your ISP user name and password, credit card number, etc.
  • An urban legend – some incredible tale of something that happened. If it sounds unbelievable, it usually is.
  • A give-away – it claims that some big well-known company is giving away something for free based on how many times the e-mail is forwarded as it keeps track of how often the e-mail is sent. First of all, there is no such thing as an e-mail tracking system. Secondly, think about it for a moment. Even if the give-away is only worth a dollar and only a few million people get the e-mail, why would anybody give away millions of dollars? Duh!
  • A tear-jerker – a very common hoax is a story of a person on his/her deathbed with the last wish of receiving tons of e-mail or cards, or somebody donating money for each e-mail sent towards research to cure the (fictitious) disease.
  • A regular chain letter – the most common one is to send it on, otherwise you’ll have bad luck. No matter how superstitious you are, this is complete bull.
  • A get-rich-quick scheme – somebody has the secret to getting rich quick, and they are sharing it with everybody on the Internet. Think about it: if someone knows how to make a lot of money then why the hell are they telling YOU about it? Out of the goodness of their heart? I don’t think so. And besides, if this scheme really works and is readily available online, why aren’t there more rich people?

What to do with a hoax e-mail

If you receive an e-mail that looks like a hoax, the best thing to do is to stop reading and delete the message. Don’t waste your time reading the message and don’t waste other people’s time by forwarding it.

If you are skeptical and think it might be legit, take a few minutes and try to verify its authenticity. If the so-called source of the message has a web site, go visit it and see if the information is posted there. Since it was important enough to send around the Internet, it should be prominently featured, shouldn’t it?

If the source doesn’t have a web site, try to identify it and see if it even exists. Chances are you’ll find out very quickly that this congressman/hospital/company/whatever doesn’t even exist.

If the message is a virus warning, visit the web site of one of the reputable virus scanner software manufacturers (links provided below). If the virus actually exists, they will have information about it on their web site. Every virus scanner site maintains a searchable database for easy reference of existing virii.

If none of the above methods reveals anything about the message you received, visit one of the hoax info web sites (links provided below). They also maintain a searchable database where you can see if the message is bogus.

If that doesn’t work either and you still cannot verify its authenticity, delete the message and forget about it. You’ve already spent enough time on it.

Finally and most important!

Mail a copy of this page to every person you know and to all your contacts! If you don’t, bad things will happen to you and your computer will explode!

:-)

(Let’s see if you got the point or not…)

Hoax and urban legend lists

http://hoaxbusters.ciac.org/HBHoaxIndex.html

http://www.stiller.com/hoaxes.htm

http://www.symantec.com/avcenter/hoax.html

http://vil.nai.com/VIL/hoaxes.asp

http://dispatch.mcafee.com/esecuritynews/may2002/viruswatch.asp

http://www.sophos.com/virusinfo/articles/hoaxes.html

http://www3.ca.com/virusinfo/Encyclopedia.asp?TYPE=4

http://www.virusbtn.com/

http://www.virusbtn.com/resources/hoaxes/

http://www.research.ibm.com/antivirus/SciPapers.htm

http://www.snopes.com/index.htm

http://www.vmyths.com/

http://www.truthorfiction.com/

http://www.cnet.com/techtrends/0-1544318-7-1580533.html?&tag=st.cn.sr.bb.1

http://www.cdc.gov/hoax_rumors.htm

http://www.breakthechain.org/

This tip was in part modified from http://www.pcnineoneone.com/howto/hoax1.html
