Combination Hoaxes      
Dire sounding warnings from friends, families, and even strangers, greet us from our inbox on a regular basis. Despite their better judgement, many forward these on to others "just in case". The situation worsens with hoaxes that combine legitimate virus information with bogus details.
 
Alleged "Good Times" Virus      
A rumor has been circulating on the Internet and other on-line services, that the "FCC" released a public notice warning about an alleged "Good Times" computer virus. The U.S. Federal Communications Commission (U.S. FCC) did not issue such a notice. This rumor has recycled several times in the last few months.
 
Fw: Fw: Fw: Hoax      
Mass-mailing email worms don't have to have a malicious payload to cause trouble. Just the threat of their spread can result in a knee-jerk reaction of shutting down mail-servers until signature updates can be obtained. Wonder why no one shuts down the mail server when a hoax gets going? From a prevalency standpoint, it seems hoaxes win hands down. The only difference is, the email worm sends itself automatically while the email hoax relies on the user to forward to everyone they know... and there seems to be no shortage of users willing to oblige that request.
 
THE "Good Times" VIRUS IS AN URBAN LEGEND      
In the early part of December, CIAC started to receive information requests about a supposed "virus" which could be contracted via America OnLine, simply by reading a message. The following is the message that CIAC received: Here is some important information. Beware of a file called Goodtimes. Happy Chanukah everyone, and be careful out there. There is a virus on America Online being sent by E-Mail. If you get anything called "Good Times", DON'T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot.
 
What Are Internet Hoaxes and Chain Letters?      
Internet hoaxes and chain letters are e-mail messages written with one purpose; to be sent to everyone you know. The messages they contain are usually untrue. A few of the sympathy messages do describe a real situation but that situation was resolved years ago so the message is not valid and has not been valid for many years. Hoax messages try to get you to pass them on to everyone you know using several different methods of social engineering. Most of the hoax messages play on your need to help other people. Who wouldn't want to warn their friends about some terrible virus that is destroying people's systems? Or, how could you not want to help this poor little girl who is about to die from cancer? It is hard to say no to these messages when you first see them, though after a few thousand have passed through your mail box you (hopefully) delete them without even looking.
 
The Risk and Cost of Hoaxes      
The cost and risk associated with hoaxes may not seem to be that high, and isn't when you consider the cost of handling one hoax on one machine. However, if you consider everyone that receives a hoax, that small cost gets multiplied into some pretty significant costs. For example, if everyone on the Internet were to receive one hoax message and spend one minute reading and discarding it, the cost would be something like: 50,000,000 people * 1/60 hour * $50/hour = $41.7 million
 
How to Recognize a Hoax      
Probably the first thing you should notice about a warning is the request to "send this to everyone you know" or some variant of that statement. This should raise a red flag that the warning is probably a hoax. No real warning message from a credible source will tell you to send this to everyone you know.
 
Recognizing a Chain Letter      
Chain letters and most hoax messages all have a similar pattern. From the older printed letters to the newer electronic kind, they all have three recognizable parts: A hook. A threat. A request.
 
Validating a Warning      
CIAC recommends that you DO NOT circulate warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator, your computer incident handling team, or your antivirus vendor. Real warnings about viruses and other network problems are issued by computer security response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a team's web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes. Warnings about new malicious code are also available at the antivirus vendors sites and at the operating system's vendor site.
 
What to Do When You Receive a Warning      
Upon receiving a warning, you should examine its PGP signature to see that it is from a real response team or antivirus organization. To do so, you will need a copy of the PGP software and the public signature of the team that sent the message. The CIAC signature is available at the CIAC home page: http://ciac.llnl.gov/ You can find the addresses of other response teams by connecting to the FIRST web page at: http://www.first.org/. If there is no PGP signature, check at this and other hoax sites to see if the warning has already been declared as a hoax. If you do not find the warning at the hoax sites, it just may mean that we have not yet seen this particular hoax. See if the warning includes the name of the person submitting the original warning. If it does, see if you can determine if the person really exists. If they do, don't send them an e-mail message. It is likely that they have nothing to do with this hoax and thousands of people sending them questions will be just as damaging to them as sending around the hoax message. Instead, check their personal or company web site. Often if a person has been the brunt of a hoax, that hoax message will be debunked on the person's company web site. If you still cannot determine if a message is real or a hoax, send it to your computer security manager, your ISP, or your incident response team and let them validate it.
 
« Start Prev 1   2   3   4   5   6   7   8   9   10   11   12   13   14   15   16   17   18   19   20   21   22   Next  End»