Return to NSRC Help Desk home.
What is a Virus/E-Mail Hoax?
Have you ever received an e-mail message that includes something like the following:
- A warning of a new virus that you should send on to everyone you know.
- A warning of a scam that you should send on to everyone you know.
- A petition to help the needy or some cause that wants you to foward it on to those who might be interested.
- A get-rich-quick scheme that claims if you forward on the message you'll receive money for each time it's forwarded.
- A claim that for each email sent someone in need will be helped by another organization.
These five scenarios account for almost all the virus and e-mail hoaxes you will see, and in almost all cases anything that follows any of these guidelines is a hoax, false, or an outdated petition that is just "floating" around the Internet. Before you consider forwarding any email that asks you to forward it to anyone else you should be able to do the following:
- Verify the original date the message was created and sent.
- Verify the original sender of the message.
- Verify any quotes made by any organizations mentioned with specific URL's (web addresses) that backup the claims made in the message.
- If the e-mail is for a cause be able to verify the date of any action mentioned and/or the specific piece of legislation that is mentioned.
In general it is considered very bad form to forward a message on to a large number of people. Many Internet Service Providers will go so far as to remove your account if you do this, even if you believe it is for a good cause. Any e-mail that is from an organization trying to effect a change should refer to a specific URL where you can go to sign a petition or to make your voice heard. The problem with the Internet is that even if the request is legitimate the message is likely to circulate for months, if not years, after the messages intended date has passed.
Why these Hoaxes Cause Problems?
Imagine, if you will, someone receives a message that tells them to foward it on to "everyone they know." Now imagine this person forwards the message on to 100 people. (We see forwards to several hundred people all the time). Now if just a few people forward the message on to a large group, the message will be duplicated thousands of times in a short period of time, often just hours.
A few thousand extra e-mails result in a bunch of wasted disk space, clogging of network bandwidth, and most importantly the complete waste of time for many professionals and, possibly, your friends all over the world. This simple e-mail hoax may cost thousands of dollars in wasted time by everyone involved.
What's even harder is that once in a great while the message might be true, or contain some relevant information. For this very reason the next section takes a typical hoax message and breaks it down, showing you how to tell when something is fake. Finally, if you still aren't sure you can check the various sites listed at the end of this document, or you can consult a computer consultant and ask if the message is true.
How to Tell if a Message is a Hoax?
Below is a message about a supposed screen saver that will wipe out your hard drive and "steal your password." You can read about this virus hoax at http://www.symantec.com/avcenter/venc/data/buddylst.zip.html. Read after the message for some tips on how you can tell this is obviously a hoax.
Subject: [Fwd: Beware of the Budweiser virus--really!]
This information came from Microsoft yesterday morning. Please pass it on to anyone you know who has access to the Internet. You may receive an apparently harmless Budweiser Screensaver, If you do, DO NOT OPEN IT UNDER ANY CIRCUMSTANCES, but delete it immediately. Once opened, you will lose EVERYTHING on your PC. Your hard disk will be completely destroyed and the person who sent you the message will have access to your name and password via the Internet.
As far as we know, the virus was circulated yesterday morning. It's a new virus, and extremely dangerous. Please copy this information and e-mail it to everyone in your address book. We need to do all we can to block his virus. AOL has confirmed how dangerous it is, and there is no Antivirus program as yet which is capable of destroying it.
Please take all the necessary precautions, and pass this information on to your friends, acquaintances and work colleagues.
End of message.
First, take look at the following text:
"This information came from Microsoft yesterday morning."
The words "yesterday morning" are quite a clue. When was yesterday morning? Obviously not yesterday. What about Microsoft? If they are making some sort of announcement where is the web site address with this announcement? Why would Microsoft make an announcement about some random virus that has nothing to do with their company?
Please pass it on to anyone you know who has access to the Internet.
Anything that asks you to "pass it on to anyone you know who has access to the Internet" is a big flag. Any official group (Microsoft, AOL, etc.) are the last ones to ask you to forward e-mail to everyone you know. This goes against standard Internet policies and good etiquette. It just clogs up disks, networks and wastes everyone's time.
"AOL has confirmed how dangerous it is..."
If AOL had confirmed anything they would certainly have a URL with this statement. Furthermore, what does AOL have to do with this? Finally, AOL is not an official virus reporting agency. You want to see things like CERT, Symantec (they make Norton AntiVirus), McAfee, F-PROT (they make F-PROT F-Secure), etc.
The following statement is a big sign:
"...and there is no Antivirus program as yet which is capable of destroying it."
By the time the message gets to anyone, if the virus was for real, all the major antivirus programs would already have a check for this. Generally it takes just one or two days for a big company like Symantec, McAfee, or F-PROT to come up with a check for such a virus.
Finally, we have this:
"...the person who sent you the message will have access to your name and password via the Internet."
What password? What do they mean by "via the Internet"? If you do store any of your passwords on your machine (e.g. dialup, in Eudora, etc.) it's encrypted. Furthermore, suppose it's some super virus and it can decrypt your passwords in certain circumstances, then what? Is it going to mail the password back to its creator? Now the FBI can track them down easily and arrest them? None of this makes much sense. Many e-mail hoaxes make statements such as this.
Finally, if you've read through this and you are still unsure if a message you have received is fake or outdated you can use the following resources to help you figure this out.
Where to Check if a Message is a Hoax
You should note that many of these virus Hoax pages do not list all hoaxes nor do they list many of the petitions that are sent around the Internet. For instance, the petition for congress to fund National Public Radio has been circulating for several years. This action already took place and the petition is now just an embarrassment to NPR and creates bad publicity for them.
Before you consider forwarding on a petition for any cause be absolutely sure that the petition is current, that the cause is actually currently asking for this help, and how about not forwarding on the petition but going to their web site and seeing if you can't sign one on-line. Any organization with any technical savvy will avoid sending out e-mail petitions and instead ask that people go to their web site to help out.
At the University of Oregon if you forward a petition on to a large number of people you are most likely going to annoy many of them, and you may lose your account. Do not include a large number of e-mail addresses in the "from:" field... ever! If just one person responds to you they will respond to the entire list! We have seen this create thousands of angry e-mail messages in a matter of hours. Just don't do it!
Now, to see if a message is a hoax you can try out the following sites:
Snopes Urban Legends Reference Pages
Symantec's AntiVirus Research Center Virus Hoax Page
Note: Symantec makes Norton AntiVirus. For those with McAfee, while the
product is decent, their web site does not compare. Still, they do have
a smaller hoax page at
Datafellows who make F-Prot Secure
These folks are some of the best around and their web site is a great resource.
ICSA Independent Security Advisors Hoax List
A Non-Profit Anti-Haox Site
A Big List of Virus Hoax Sites from Yahoo
CERT's Official Virus Resources Page
A Nice List of Virus Hoax Sites
A Good Virus Hoax and Urban Legends Resource
About.com's Urban Legends and Virus Hoax Pages
If you are ever in doubt just keep these URLs in your favorites list and check out the sites to see if they've got the hoax listed. Even if they don't, if you follow some of the rules above, you can almost always spot a scam, old petition, or a virus hoax a mile away.