How to sort the wheat from the chaff
People sending out so-called virus warnings to all their friends, however well-intentioned they may be, are in fact doing more harm than good.
- They are contributing to what can amount to a mail flood after 25 people have each forwarded it to another 25 people, who in turn... You get the picture.
- They are needlessly frightening the less confident users among their contacts.
- As with any chain letter, some people include their entire contact list in the visible "To:" and "Cc:" headers, which is a breach of everyone's privacy and potentially a risk that those addresses will be harvested by spammers and viruses.
- Some of these chain mails trick readers into damaging their system by deleting files that are necessary for the machine's normal operation.
There was a period a few years ago when people were sending these things around by the bucketload, and then everybody seemed to wise up and the flurry petered out, which is why I never did get round to publishing a page about it. I genuinely thought this was a thing of the past until I received another so-called virus warning yesterday. So, rather than have to go through all the explanations yet again with each person who is going to be sending me one of these warnings, this time I've decided to put up a page to which I can direct people so they can find out how to decide for themselves about the veracity of the warning they're about to send out.
These are the tell-tale signs that will allow you to identify a scam and take appropriate action when you see one. Appropriate action is, of course, to direct the person from whom you received the warning to this page and to bin that warning instead of forwarding it to everyone you know.
1. Tell everyone you know!
These scams invariably instruct the reader to forward the message to everyone in their address book. No need for the scammer to write a virus or anything like that when they can simply ask people to forward the message manually… The idea behind these scams is to induce panic and mayhem, but it can stop with you if you do the right thing.
2. This virus will make your toenails go pink!
Well, some people might consider that a plus, but that's another debate… The point is that many of these warnings will attribute to viruses properties that are technically impossible. I've seen claims that a virus will demagnetize any credit cards within 10 feet of my computer − a computer can't do that without specialized electronic devices that, if you possessed them, would mean that you already know that the claim made in the warning is a load of cobblers. I've more recently seen a scam that claims that the virus can "burn" my "C" drive − quite apart from the fact that I don't have a "C" drive to burn in my system in the first place (that's a Windows-specific thing), viruses cannot ignite anything.
3. AOL/CNN/Microsoft says this is the most dangerous virus yet!
Right, so if it's that virulent, a bunch of people telling each other not to open unexpected attachments is going to be really effective in killing it off. A link to a page on AOL's/CNN's/Microsoft's site supporting that claim would go a long way to making the whole thing more credible. Instead of that, we have to take the word of someone apparently rather gullible at face value. Riiiiiight. I have this great bridge for sale if you're interested…
4. Just delete this file and you'll be rid of the virus…
Some of these hoaxes will ask you to delete files from your machine's system directories in order to rid yourself of the so-called virus. Frequently, they will point to a file that exists on any clean system and is therefore pretty much guaranteed to exist on yours. You then see the file, panic, and think "wow, this thing must be true!" The quintessential case of this was the jdbgmgr.exe teddy bear icon hoax (see here, here, or here. Want more?)
While this particular case wasn't dramatic, it's only a small leap of imagination for hoaxers to entice you into deleting files that are necessary for your computer's normal operation.
Believe it or not, a real virus is smarter than this anyway. If the file someone is asking you to delete is the active payload of the virus actually running in memory, then you won't be able to delete it. If it isn't currently running then there's something else running that will replace that file next time the computer starts.
Real virus removal toolkits are provided by reputable antivirus organizations and they don't usually entail the end-user deleting files manually. They do, however, entail making changes to the machine's system registry, and that is more often than not an operation beyond the end-user's abilities and/or level of self-confidence, which is why they do it automatically instead of asking the end-user to do it.
5. You can read more about this virus here…
Errrrm… Where, exactly?
A real virus warning will contain a link to the site of a well-known antivirus outfit such as McAfee, Symantec, Kaspersky etc. In fact, it will probably contain pretty much nothing but the link. Any warning that doesn't contain such a link should be discarded immediately as fake and the sender admonished at least for not sending full information.
Also, these hoaxes will never name the virus they're warning you about. Why? Because you can then feed the name to your favourite search engine, whereupon you'll find out that it's a hoax.
So, next time you're sent a dire warning about a new virus doing the rounds, ask yourself these questions:
- Am I being asked to forward this message to everyone? (think: snowball effect)
- Do the powers of this "virus" look rather surreal?
- Is there a claim that the media and/or a major ISP are worried about this but no link to that organization's site to back the claim up?
- Am I being encouraged to delete files from my machine?
- Am I being asked to accept this at face value without the claim being backed up by a reputable antivirus outfit?
The most important question is the last one. If you are given a link to an antivirus outfit, not a link to somewhere you've never heard of but that happens to contain an antivirus vendor's name somewhere in it, then the information on that page should supersede anything else in the warning e-mail.
Otherwise, the more "yes" answers to the questions above, the more certain you can be that the warning you received is at best a hoax, at worst something that can damage your system if you follow the instructions given. If there is one "yes" answer, you can be fairly sure that the warning is to be discarded and should dig around on your own for further information before following instructions. If there are two "yes" answers then the warning is almost certainly bogus. Three or more "yes" answers guarantee that the warning is bogus.
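The five questions and the scoring above can be run mechanically over a message. The sketch below is an added example, not part of the original page: the keyword patterns, the vendor and organisation domain lists and the sample message are all constructed assumptions. It also shows why a link only counts when its hostname is the vendor's domain or a subdomain of it, not when the vendor's name merely appears somewhere in the address.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-lists; the page names the vendors and organisations, the domains are added here.
VENDORS = {"mcafee.com", "symantec.com", "kaspersky.com"}
ORGS = {"aol": "aol.com", "cnn": "cnn.com", "microsoft": "microsoft.com"}
# Constructed keyword patterns for questions 1, 2 and 4 (illustrative, not exhaustive).
PATTERNS = {
    "forward_to_everyone": r"\b(forward|send) (this|it)\b.*\b(everyone|everybody|all)\b",
    "surreal_powers": r"\b(burn|demagneti[sz]e|melt)\b",
    "delete_files": r"\b(delete|remove|erase)\b[^.\n]*\b[\w-]+\.(exe|dll|sys)\b",
}

def hosts(text):
    """Lower-cased hostnames of every http(s) URL in the message."""
    found = []
    for url in re.findall(r"https?://[^\s<>\"')]+", text):
        try:
            found.append((urlsplit(url).hostname or "").rstrip("."))
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            pass
    return found

def under(host, domain):
    """True for the domain itself or a subdomain; a substring match is not enough."""
    return host == domain or host.endswith("." + domain)

def assess(text):
    """Return (verdict, list of questions answered 'yes')."""
    hs = hosts(text)
    yes = [q for q, p in PATTERNS.items() if re.search(p, text, re.I | re.S)]
    if any(re.search(rf"\b{o}\b", text, re.I) and not any(under(h, d) for h in hs)
           for o, d in ORGS.items()):
        yes.append("unbacked_authority")
    if any(under(h, v) for h in hs for v in VENDORS):
        return "defer to the vendor page", yes
    yes.append("no_vendor_link")
    verdict = {1: "discard, research independently", 2: "almost certainly bogus"}
    return verdict.get(len(yes), "bogus"), yes

# Constructed sample message; the .example host is a lookalike, not a vendor site.
HOAX = """Microsoft says this is the most dangerous virus yet! It will burn your C drive.
Delete jdbgmgr.exe from your system folder now.
More info: http://mcafee.com.alerts.example/info
Forward this to everyone in your address book!"""

if __name__ == "__main__":
    print(assess(HOAX))
```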
Last update: 20-MAY-2014 12:58:39 UTC
This page has been served 5990 times since 26-JUN-2007