Need a book? Engineering books recommendations...

Return to index: [Subject] [Thread] [Date] [Author]

Re: Fw: Virus Warning - NOT TRUE

[Subject Prev][Subject Next][Thread Prev][Thread Next]
Dear Mr. Osborn:

Your virus warning is NOT TRUE.  Pls. do not indiscriminately pass on virus
warning without checking them out.  

Check out "Computer Incident Advisory Capability - Dept. of Energy" webpage: 
<A HREF="http://ciac.llnl.gov/ciac/CIACHoaxes.html";>
http://ciac.llnl.gov/ciac/CIACHoaxes.html</A>
"Computer Virus Myths home page"  <A HREF="http://www.kumite.com/myths/";>
http://www.kumite.com/myths/</A>
------------------------------------------------------------------------------
--

How to Identify a Hoax
There are several methods to identify virus hoaxes, but first consider what
makes a successful hoax on the Internet. There are two known factors that make
a successful virus hoax, they are: (1) technical sounding language, and (2)
credibility by association. If the warning uses the proper technical jargon,
most individuals, including technologically savvy individuals, tend to believe
the warning is real. For example, the Good Times hoax says that "...if the
program is not stopped, the computer's processor will be placed in a nth-
complexity infinite binary loop which can severely damage the processor...."
The first time you read this, it sounds like it might be something real. With
a little research, you find that there is no such thing as a nth-complexity
infinite binary loop and that processors are designed to run loops for weeks
at a time without damage. 

When we say credibility by association we are referring to whom sent the
warning. If the janitor at a large technological organization sends a warning
to someone outside of that organization, people on the outside tend to believe
the warning because the company should know about those things. Even though
the person sending the warning may not have a clue what he is talking about,
the prestige of the company backs the warning, making it appear real. If a
manager at the company sends the warning, the message is doubly backed by the
company's and the manager's reputations. 

Individuals should also be especially alert if the warning urges you to pass
it on to your friends. This should raise a red flag that the warning may be a
hoax. Another flag to watch for is when the warning indicates that it is a
Federal Communication Commission (FCC) warning. According to the FCC, they
have not and never will disseminate warnings on viruses. It is not part of
their job. 



------------------------------------------------------------------------------
--

Validate a Warning
CIAC recommends that you DO NOT circulate virus warnings without first
checking with an authoritative source. Authoritative sources are your computer
system security administrator or your computer incident advisory team. Real
warnings about viruses and other network problems are issued by different
response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by
the sending team using PGP. If you download a warning from a teams web site or
validate the PGP signature, you can usually be assured that the warning is
real. Warnings without the name of the person sending the original notice, or
warnings with names, addresses and phone numbers that do not actually exist
are probably hoaxes. 

Another area of concern is Internet chain letters that may or may not be true.
For more information on Internet chain letters reference
http://ciac.llnl.gov/ciac/CIACChainLetters.html. 


------------------------------------------------------------------------------
--

What to Do When You Receive a Warning
Upon receiving a warning, you should examine its PGP signature to see that it
is from a real response team or antivirus organization. To do so, you will
need a copy of the PGP software and the public signature of the team that sent
the message. The CIAC signature is available at the CIAC home page:
http://ciac.llnl.gov/ You can find the addresses of other response teams by
connecting to the FIRST web page at: http://www.first.org. If there is no PGP
signature, see if the warning includes the name of the person submitting the
original warning. Contact that person to see if he/she really wrote the
warning and if he/she really touched the virus. If he/she is passing on a
rumor or if the address of the person does not exist or if there is any
questions about the authenticity or the warning, do not circulate it to
others. Instead, send the warning to your computer security manager or your
incident response team and let them validate it. When in doubt, do not send it
out to the world. 

In addition, most anti-virus companies have a web page containing information
about most known viruses and hoaxes. You can also call or check the web site
of the company that produces the product that is supposed to contain the
virus. Checking the PKWARE site for the current releases of PKZip would stop
the circulation of the warning about PKZ300 since there is no released version
3 of PKZip. Another useful web site is the "Computer Virus Myths home page"
(http://www.kumite.com/myths/) which contains descriptions of several known
hoaxes. In most cases, common sense would eliminate Internet hoaxes. 

Ron Fong
Fremont, CA