

Online Hoaxes: Virus Warnings

Copyright © 1999-2002, 2007, 2010, 2012 by David E. Ross

You have probably seen more than one — an E-mail message from a well-meaning friend that begins:

This is real!!!! VIRUS WARNING !!!!!!

Your first thought is: "This could be very serious." Your second thought should be: "Is this truly real?"

Yes, some such warnings are indeed legitimate. Computer viruses do exist and can cause serious damage to computer data files and operations. For a business, the disruption and recovery can be quite expensive. But many virus warnings are hoaxes. No, your friend is not trying to commit fraud; he or she is also a victim of the same hoax. To protect yourself, you must learn to recognize such hoaxes.

A Vicious Hoax

While false warnings about non-existent computer viruses might not be as destructive as actual viruses, they can indeed cause damage. Of course, there is the wasted effort in trying to protect a computer from a threat that does not really exist. However, sometimes the damage can be far worse.

One hoax that circulated in the past was the sulfnbk.exe warning. Based on an actual — but rare — virus infection of the Windows routine sulfnbk.exe, this hoax advised everyone to remove that routine, whether or not it was actually infected. When present, however, sulfnbk.exe was a necessary part of Windows 95/98, providing the ability to use file names longer than 8 characters. Obviously, removing that routine impaired the ability of Windows to operate. Following the advice in this hoax could thus have caused as much damage as a real virus.

This hoax highlights the need to authenticate any warning you receive about a computer virus. Generally, that means you should verify any notice you receive via E-mail or read on a Web page or in a newsgroup by checking with an authoritative, recognized agency responsible for monitoring and reporting viruses and other security vulnerabilities. Otherwise, you run the risk of causing as much damage to your computer as would be caused by any virus. And if you spread a hoax message about a virus, you could be responsible for others damaging their computers.

The same hoax was also spread about jdbgmgr.exe (another Windows 95/98 file), which was needed for running Java applets (e.g., from a Web page).

Yes, both sulfnbk.exe and jdbgmgr.exe could be infected with computer viruses. Some viruses specifically targeted those executable files. Similar hoaxes occur from time to time regarding Windows XP and Vista files and will likely occur regarding Windows 7 files. To protect yourself, see What to Do.

WTC Survivor

A cousin of my wife's (she has almost as many as I do) sent her a warning about this. Symantec (whose products include Norton Anti-Virus) reports this as a hoax. The E-mail message circulating across the Internet contains many of the well-known indicators of a hoax. However, instead of saying "warn your friends", this one says "Forward this to everyone in your address book." That would accomplish by manual means what many actual viruses do automatically — use your address book to flood the Internet.

Incomplete Advice

A plague of computer viruses prompted all kinds of well-meaning advice on how to deal with infections. One broadly circulated suggestion was to insert a dummy entry into your E-mail address book. This would not protect you from a virus but would prevent a virus on your PC from sending itself to your friends. The entry would have the name !000 and the address WormAlert (without any @). The idea is that the name would sort in front of all other entries in your address book. The address itself is illegal and thus not only stops further attempts by the virus to send E-mail but also alerts you to its activity.

None of the reports about this suggestion mention that it applies only to Micro$oft's Outlook, Outlook Express, et cetera. This does not apply to address books for Eudora (which is not even sorted), Thunderbird, or other non-Micro$oft E-mail applications. Of course, this applies only to Outlook and its clones because these viruses only spread through them. And even for Outlook, this advice does not provide 100% protection for your friends: Some viruses take random entries from your address book to propagate themselves to others rather than merely cycling from the first entry. One recent nasty virus did not even look at the address book; it scanned your incoming E-mail and sent itself only to those individuals whose messages to you had not yet been opened (again, only for Outlook because Eudora and Thunderbird format their E-mail files differently).

The best advice to protect your friends from a virus infection on your own computer? First, delete all entries from your Outlook address book. Then, install and use an E-mail application that was not developed by Micro$oft.

Someone near and very dear to me asserts that the only protection he needs is to keep his anti-virus software current by updating its virus definition files frequently. This provides no protection against the very newest virus (whatever it is) that proliferates around the world before virus definition files can be developed to detect and stop it.

What to Do

What can you do about these warnings?

If you want to avoid panic over virus warnings, you should prevent them from entering your computer. Of course, you must detect and correct those that you cannot prevent.

The most important thing is to have a good virus protection application running on your computer. Use an application tested by ICSA Labs. You must also remember to update the virus definition files periodically (weekly or at least biweekly). Set the application to run continuously in the background, in what is sometimes called a "per access" mode; this means that every time you create, run, open, copy, move, download, or otherwise access a file, it is checked. To reduce the impact on your computer's performance, check only executable files (e.g.: .exe and .dll files), which are capable of being infected. (I do recommend this reduction in the scope of checking.) Don't bother with plain text files (e.g.: .txt files). Just remember that a Word document (.doc file), Excel spreadsheet (.xls file), or a PowerPoint visual presentation (.ppt file) can include an executable and should thus be checked. For extra assurance, check all files in the foreground ("per request" mode) about once or twice a month. With this kind of checking, no virus warning — even if legitimate — should be a cause for panic.

Be cautious about downloading files from untrusted sources. Be very careful about files attached to E-mail messages from senders you do not know, especially executable files (including Word documents, Excel spreadsheets, and PowerPoint visuals, all of which might contain embedded executables). Also be careful about executable files that might be contained within compressed files (e.g., ZIP files). Even be somewhat alert regarding files from known sources, who could be victims of a virus they are unknowingly spreading.
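The advice above about which files deserve checking, including those hidden inside ZIP files, can be sketched as a small triage script. This is an added example, not part of the original page; it goes one step beyond the file-name extensions listed above by also reading each member's first bytes, so a renamed executable is still flagged. It only decides which members to hand to a virus scanner and detects no viruses itself; the sample archive is constructed from harmless bytes.

```python
import io
import os
import zipfile

# File types the article says deserve checking: native executables and
# Office documents that can carry embedded executable content.
RISKY_EXTENSIONS = {".exe", ".dll", ".doc", ".xls", ".ppt"}
MAGIC = {
    b"MZ": "Windows executable (MZ header)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 container (legacy Office document)",
    b"PK\x03\x04": "nested ZIP container",
}

def classify(name, head):
    """Return the reasons a ZIP member deserves a scan; empty list if none."""
    ext = os.path.splitext(name.lower())[1]
    reasons = [f"extension {ext}"] if ext in RISKY_EXTENSIONS else []
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            reasons.append(label)
    return reasons

def triage_zip(data):
    """Map each flagged member name to its reasons, without extracting to disk."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)  # only the header bytes are needed
            reasons = classify(info.filename, head)
            if reasons:
                flagged[info.filename] = reasons
    return flagged

def build_sample():
    """Constructed sample archive: harmless bytes that only mimic file headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "plain text, nothing to flag")
        zf.writestr("photo.jpg", b"MZ" + b"\x00" * 62)  # executable header, misleading name
        zf.writestr("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
        zf.writestr("notes.exe", b"just text with an .exe name")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in triage_zip(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```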

Finally, to avoid being upset by a hoax, you should check each E-mailed warning against the list of known hoaxes maintained by the developer of your virus protection application. You might also check the Urban Legends Reference Pages. Be very suspicious of a warning that is not directly from an authoritative source or a warning that is quoted and requoted (many times forwarded).

To learn more about virus hoaxes, visit the hoax Web pages of various developers of anti-virus software and related agencies (in addition to those cited above). To learn more about protecting your computer from actual viruses and other external attacks, see US-CERT's Home Network Security.

Updated 28 November 2012
