Virus hoaxes can often lead to real trouble

E-mail: When computer users send numerous warnings about hoaxes, networks can be slowed down.

November 08, 1999|By David L. Wilson | David L. Wilson,Knight Ridder/Tribune

The warning arrived in Wayne Ribble's electronic mail Oct. 25. A new computer virus capable of erasing a user's entire hard drive was on the loose, it said, riding in e-mail with the subject line "It Takes Guts to Say Jesus."

Ribble quickly passed the word to dozens of colleagues, friends and relatives, who, in turn, sent it to hordes of their e-mail buddies, who rocketed it on to thousands of cyberspace correspondents. By week's end, millions around the world had seen the warning, which is still circulating.

There was one problem. The e-mail to Ribble was a hoax. "I figured, better safe than sorry," Ribble ruefully recalled, noting that two earlier warnings this year had been accurate.

A rising tide of warnings about nonexistent computer threats is proving nearly as disruptive as the actual viruses. The hoaxes have become a kind of virus themselves, passed with good intentions but sometimes swamping computer networks.

The e-mail hoaxes create unwarranted fear, waste time and chew up network resources as users try to alert their friends to the "threat," and confuse others about security precautions they need to take.

It's not that computer viruses aren't a problem. They can be delivered by e-mail, and they can alter or destroy data. In some cases, such as the recent Melissa outbreak, the virus attempts to mail copies of itself to anyone in a user's e-mail address book.

Researchers identify about a dozen viruses each day. Most of the viruses are variants developed by vandals with limited skills who are modifying code developed by more sophisticated saboteurs, who develop viruses to gain prestige among their peers, as a general attack against society or just for laughs.

Typically, virus trouble arrives as an "attachment" to e-mail, such as a document that can be read with a word processor like Microsoft Word. By clicking on the attachment, the user infects the machine with the virus that was lurking inside the attachment.

Viruses can be disguised as useful or amusing programs. Users should think twice before clicking on an e-mail attachment that is supposed to be a nice fireworks display; opening it may cause a virus infection. Users who must open an attachment should scan it with an up-to-date anti-virus program beforehand.

The key thing to remember is that opening the message is unlikely to do anything dangerous. The trouble usually comes in the attachment.

The problem with hoaxes is that people are aware of the dangers from viruses and take warnings seriously, but lack knowledge of where the dangers might lie and frequently overreact.

Hoaxes are often created to see how quickly they'll spread. "The people making these things just think it's funny to see how far it'll get," said Quinn R. Peyton, technical coordinator for the Computer Emergency Response Team Coordination Center, which was founded a decade ago by the federal government to help maintain a stable Internet.

"People want to do the right thing," said Charles R. Renert, director of research at Symantec Corp.'s Antivirus Research Center. So they fire off a blizzard of e-mails to their friends at the first hint of a virus warning.

Experts ask users to avoid forwarding a virus alert without examining it closely, to prevent sudden surges in activity that can effectively shut down a corporate network.

There are documented instances of system managers thinking their systems have come under attack, when they're monitoring panicked users sending a flurry of e-mail.

"Primarily what you're talking about here is wasting people's time," said Renert.

Experts say hoaxes are going to be a fact of life on the Internet for some time, in part because so many new users are signing on every day -- new waves of suckers to fall for old virus scares.

"As long as even one person believes they've found something new, they'll forward it," said Vincent M. Weafer, director of anti-virus technology for Symantec's Antivirus Research Center.

Warning signs of false virus alerts

Researchers say a number of warning signs can help users spot false virus alerts. Among them:

No source. Typically, a hoax will cite a company, such as Microsoft, IBM or America Online, as having made an announcement about a devastating new virus, and may contain a "copy" of the nonexistent announcement. A real alert will contain a link to a fixed Web page of the company explaining the problem. Any alert without such a link should be considered suspect.

Poor grammar. While many virus hoaxes allegedly come from the desk of a well-educated company official, they often contain misspellings and grammatical errors more typical of the young boys who usually create the hoaxes and release them.

Hysteria. All hoaxes contain an urgent request for readers to send copies to everyone they know -- since that's the goal of the exercise -- combined with adjectives such as "deadly" to describe the virus.

Even sophisticated computer users can be fooled by a well-crafted scheme, which is why many organizations have set up Web pages that track known e-mail virus hoaxes. People who get an alert and don't know if it's real are urged to check the following Web sites:

* hoax.html

* virus-info/hoax/

* catalog/virus/viruses.htm


Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.