[ Element K Journals ]  
November 2001

Recognize Internet hoaxes and viruses before the joke is on you

by T. L. Aardsma


It's a sad state of affairs when each visit to your email inbox seems to bring with it more unsolicited messages than the day before. Even if you're using a junk mail filter with your email client, junk mail like spam, advertisements and chain letters can be tedious to sift through. Worse yet, if you don't have a trained eye for recognizing the difference between email trash and treasures, your ignorance could get you and your computer into some trouble. Email attachments are a prime vehicle for propagating Internet hoaxes and malicious viruses. However, if you train yourself to be a skeptic, you can learn to research and recognize them long before they make a sucker out of you. In this article, we'll show you some patterns to watch out for as well as some online resources where you can verify your suspicions, as shown in Figure A.

Figure A:  You can quickly debunk urban legends and verify virus suspicions with help from online resources.

Something's rotten in the state of cyberspace

As we mentioned, the key to exposing a potential virus or an Internet hoax is to become aware of the typical patterns that each has in common. Although viruses and tall tales come in all shapes and sizes, many share similar traits that can immediately raise a cautionary flag when read by an educated user. Our helpful hints will give you the edge you need to keep one step ahead of cyberspace ruffians.

You don't need to rely on instinct alone to validate a virus or debunk a hoax. All you need is a degree of caution and suspicion. With that, you'll be ready to visit one of the many virus and hoax information centers online, where you can find out once and for all whether the message or file you're unsure of is a true virus or hoax. We'll get you started by pointing you in the right direction.

However, if you're thinking that's the last step, think again. To help prevent more of the same unwanted junk mail from making its way to your inbox in the future, we'll show you how to share your findings with your friends and colleagues the right way. We'll also tell you when and why sharing isn't the best choice.

Smelling out a rat

When training your suspicion, it's important to recognize the difference between a virus and a hoax. A virus is a program that, if executed, infects your computer by performing an undesirable action. Some viruses are harmless pranks, while others are designed to cripple your computer. You may be familiar with recent viruses like the SirCam worm, which automatically attaches itself to a random document on your computer and mails copies of the infected document to everyone in your email program's address book.

Hoaxes, on the other hand, also known as urban legends, are dubious warnings or stories that leverage our gullible natures in order to intimidate or even inspire us. While they don't necessarily infect your computer, they can infect your common sense by causing you to believe and propagate a false rumor. Some hoaxes that you might be familiar with include promises that Bill Gates, AOL or Disneyland will pay you thousands of dollars if you forward the message to others. Other hoaxes are, ironically, false virus warnings, instructing you to warn everyone you know of a virus that doesn't even exist. Still others include inspirational stories about fictitious people, warnings about hypodermic needles hidden in payphones and gas pumps, and calls to action suggesting product boycotts.

Now that we've provided you with a general idea of what constitutes the standard virus or hoax, we'll share some more specific features of each that can help you sniff out the rats in your inbox. Once you've internalized these main points, you'll begin to discover common traits among suspicious files and messages.

Spotting a virus

When it comes to spotting potential viruses, the golden rule is to always use your anti-virus software to scan an unknown file before you download or open it. Fortunately, many Web-based email clients, such as Hotmail and Yahoo!, have made this a simple task by offering the ability to scan potentially harmful email attachments before you open them, as shown in Figure B.

Figure B:  This questionable attachment, sent by an unknown source, may contain a virus and should be scanned to determine whether it's safe to open.

Note: Keep in mind that viruses aren't just propagated as email attachments—any file you download from the Internet may contain a virus and should be treated as potentially harmful before you open it. Before you open any file you've downloaded from the Internet (or before you download it, if possible), use your anti-virus software to scan it for viruses. It may also be a good idea to review and even increase your browser's security settings, which can alert and protect you from potentially harmful file downloads. Remember, it's better to be safe than sorry.

However, even if you don't have anti-virus software, don't let viruses scare you out of your inbox. Although viruses are commonly propagated via email attachments, reading the email messages that contain them can't infect you. The virus is contained in the attached file and can only infect you if you open the attachment. By that token, it's important to be suspicious of absolutely every file attachment that makes its way to your inbox, even if it's been sent by someone you know. Remember, many viruses use your email program to send themselves automatically, so there's no guarantee that an attachment is safe unless you scan it with up-to-date anti-virus software first. Here are some additional points to keep in mind:

  • Make sure your anti-virus software, your email program and your browser are up-to-date with the latest security patches and virus definitions. New security holes are discovered in Internet products all the time, so protect your system by keeping your software up-to-date.
  • Trust no one. Use your anti-virus software to scan all email attachments before you open them, even if they were sent by someone you know. The message might have been sent by a virus that unleashed itself on your acquaintance's system without her knowledge. And remember, seemingly harmless file types, such as Word documents, could easily be Trojan horses that store and run malicious code behind the scenes.
  • Discard messages that you receive from an unknown source. Hackers are masters at stealing email addresses from online sources—even directly from your computer. If you didn't personally supply your email address to the sender, then don't take any chances with an unsolicited message from an unknown source.
  • Don't be fooled by cryptic or smooth-talking subject lines and message content. Hackers often try to con you into launching a virus by making you think it's important or it's something you asked for.
  • Beware of attachments that contain unfamiliar or double extensions. By default, Windows hides the extensions of known file types. Hackers sometimes take advantage of this default Windows behavior by adding a fake extension to a virus attachment's filename to make it seem harmless. For example, if a virus attachment written in VBScript is named Hello.doc.vbs, Windows displays its filename as Hello.doc rather than Hello.doc.vbs. To disable this behavior, open My Computer or Windows Explorer and choose View > Folder Options from the menu bar and click on the View tab. In the Advanced Settings list box, clear the Hide File Extensions For Known File Types check box, as shown in Figure C. When you've finished, click OK.

Figure C:  To help spot viruses that sport double extensions, configure Windows to display file extensions for known file types.
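The double-extension check from the last bullet above, as an added example that is not part of the original article: it parses a message with Python's standard email module and flags attachments whose final extension is executable, reporting the name Windows would show with extensions hidden. The extension lists and the constructed sample message are assumptions for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative extension lists (assumptions, not exhaustive).
EXECUTABLE = {".vbs", ".vbe", ".js", ".wsf", ".exe", ".scr", ".pif",
              ".bat", ".cmd", ".com"}
DECOY = {".doc", ".xls", ".txt", ".jpg", ".gif", ".pdf"}

def classify(filename):
    """Return (verdict, name shown when known extensions are hidden)."""
    stem, ext = os.path.splitext(filename.strip())
    inner = os.path.splitext(stem)[1]
    if ext.lower() in EXECUTABLE and inner.lower() in DECOY:
        return "double-extension", stem
    if ext.lower() in EXECUTABLE:
        return "executable", stem
    return "ok", stem

def scan_message(raw):
    """List (filename, verdict, shown_as) for every suspicious attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        verdict, shown = classify(name)
        if verdict != "ok":
            findings.append((name, verdict, shown))
    return findings

def build_sample():
    """Constructed test message; attachment bodies are inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Hello"
    m.set_content("See attached.")
    for name in ("Hello.doc.vbs", "minutes.doc", "setup.exe"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict, shown in scan_message(build_sample()):
        print(f"{name}: {verdict} (shown as {shown!r} with extensions hidden)")
```

A flagged attachment still needs to be scanned with up-to-date anti-virus software; the filename check only tells you which ones are disguised.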

Spotting a hoax

Internet hoaxes and urban legends are, in most cases, significantly less dangerous than their virus counterparts. However, depending on their form, hoaxes can still be considered potentially harmful propaganda. So why do people bother goading the innocent with tall tales and pointless calls to action in the first place? Often, the composer simply wants to see how long it will take for the message to be forwarded to so many people that it eventually gets back to him (and how many suckers he can reach along the way). The problem is, during the process countless servers become clogged with copies of the meaningless message, and innocent readers are fooled into believing something that isn't true. Here's what you can do to help stop the cycle:

  • Don't believe everything you read. This is doubly true for forwarded email messages that contain promises or warnings of any kind. If you find a message's claim tough to swallow, find out for sure whether it's legitimate by checking an Internet hoax resource.
  • Watch out for bogus virus warnings. Not all virus warnings are true; some are designed simply to scare you and prey upon your concern for friends and colleagues in hopes that you'll forward the bogus warning on to them. Some bogus virus warnings, like the SULFNBK.EXE virus hoax shown in Figure A, even try to scare you into harming your system by making you think you'll be helping it. Before heeding any virus warnings, check with your support personnel and an Internet hoax resource.
  • Although they're often created with good intentions, inspirational stories and outlandish tales aren't always true. Chances are, if you find something difficult to believe, it's probably a hoax. Find out for sure by checking with Internet hoax resources.

Checking with the experts

When you're suspicious of a potentially harmful email attachment or a dubious hoax, the next step is to check its validity. You can easily research viruses and hoaxes, as well as application exploits, online at the sites listed in Table A. Though we've divided these sites into separate categories, keep in mind that some of the sites we've listed include information about both viruses and hoaxes.

Table A:  Virus, hoax and exploit information resources

Viruses and application exploits
  @stake                                  www.atstake.com
  AntiOnline                              www.antionline.com
  CERT Coordination Center                www.cert.org
  CSRC                                    http://csrc.nist.gov
  FedCIRC                                 www.fedcirc.gov
  F-Secure                                www.datafellows.com/virus-info
  McAfee.com Virus Information Library    http://vil.mcafee.com
  Microsoft TechNet Security              www.microsoft.com/technet/security/current.asp
  SecurityFocus.com                       www.securityfocus.com
  Symantec AntiVirus Research Center      www.sarc.com
  Vmyths.com                              www.vmyths.com
  Windows IT Security                     www.ntsecurity.net

Internet hoaxes and urban legends
  The AFU & Urban Legends Archive         www.urbanlegends.com
  HOAXBUSTERS                             http://hoaxbusters.ciac.org
  Snopes.com                              www.snopes.com
  The Straight Dope                       www.straightdope.com
  Urban Legends and Folklore              http://urbanlegends.miningco.com

To help you keep your virus and hoax detection instincts sharply honed, many of these sites offer newsletters that you can subscribe to for periodic updates on the latest outbreaks. In addition, since messages containing viruses or hoaxes can float around the Internet and from person to person for years, they can resurface at any time. To help you debunk even the most obscure viruses and hoaxes, most of these sites contain extensive archives that are fully searchable, enabling you to quickly pinpoint a virus or hoax simply by searching on the contents of the message you received.

Articles debunking or validating viruses or hoaxes are often highly detailed, since it's imperative that their researchers prove their own personal reliability. Most contain an example of the original message as well as details about its origin, as shown in Figure D. As a result, when you research a virus or hoax, you'll walk away armed with reliable information that you can use to combat future messages with similar traits. This brings us to the next step in the effective handling of viruses and hoaxes: After you've researched the message's validity, help break the cycle by sharing your findings with the friend or colleague who forwarded the message to you!

Figure D:  Virus information and Internet hoax articles usually detail the original message and then go on to prove or disprove the message's claim.

Note: If you don't already have virus protection software on your system, it's a good idea to install some. Though anti-virus and personal firewall software can't guarantee immunity to all Internet exploitations, they can be extremely helpful in targeting potential danger. We've included some popular anti-virus software manufacturer sites in Table A. However, you may also want to check out utilities such as Central Command (www.centralcommand.com) and Zone Labs' ZoneAlarm (www.zonealarm.com). Central Command is an anti-virus software manufacturer and offers a free online virus scanner at www.centralcommand.com/scan.html. ZoneAlarm is highly acclaimed, free personal firewall software that protects your computer by keeping malicious hackers at bay.

Spreading good advice

When a friend or colleague sends you a message that you've discovered is an urban legend or contains a virus, it's a responsible gesture to let them know about it. However, before we continue, we'd like to stress that you should only follow up with people who you already know. If you receive a message containing a virus or hoax from an unknown source, don't bother contacting the sender. There may be additional scams that person is looking for a chance to pull on you, such as validating your email address as a source open to further spam.

Viruses and hoaxes are most often forwarded by friends and colleagues who just don't know any better. One of the most effective ways to prevent these people from sending you additional suspicious messages is to educate them as you educate yourself. After you've researched a virus or hoax, kindly notify the sender of what you've learned and provide a link to that information. If you're uncomfortable composing such a message yourself, you may be more comfortable taking advantage of The Urban Legend Combat Kit at www.netsquirrel.com/combatkit. For more information, see the November 2000 article "Fight hoaxters with the Urban Legend Combat Kit." An informed netizen is a responsible netizen, and by sharing your new knowledge with others, you can work together to break the cycle of suspicious viruses and hoaxes.

Breaking the cycle

By sharpening your instincts and increasing your suspicion of mysterious email messages, you can prevent hackers and hoaxters from taking advantage of you. In addition, by sharing your knowledge and research with your friends and colleagues, you can help combat Internet ignorance. Don't forget that email attachments aren't the only place to catch a virus—you can unleash viruses on your system by downloading infected files from the Internet as well. Stay tuned for a future article about protecting your system from potentially dangerous Internet files.