There are a lot of viruses out there. There are also a lot of hoaxes that prey on the gullible people of the world. I have not found a conclusive reason why someone would create a hoax. I think that maybe they feel some sense of power when they create a hoax and then watch it grow. Maybe they get a thrill when they get the hoax back from their friends. Whatever the case, these hoaxes should not be passed on by you. If you receive an e-mail telling you about a new virus that has been discovered you need to find out if indeed this is a virus before passing the message on. There are plenty of sites available on the Internet that list the various hoaxes that are out there. McAfee’s site for the hoaxes is <http://vil.nai.com/VIL/hoaxes.asp>. Norton’s section of the site devoted to hoaxes is <http://securityresponse.symantec.com/avcenter/hoax.html>. Most of the other antivirus vendors also have a page the will list all of the hoaxes that are known. 

You can go to one of these sites before you forward the e-mail and check to see if someone is trying to make a fool out of you. Most likely you will find that the e-mail you received has been floating around the net for many months and in some cases for a few years. One of the first known virus hoaxes began circulating in October of 1988 according to Ferbrache (A pathology of Computer Viruses Springer, London, 1992). The 2400 baud modem virus told the story of a virus that was transmitted on the modem sub-carrier present in all 2400 baud and up modems. It went on to tell how the virus would then attach itself to all the incoming binary data and then infect the computer’s hard disk. Another user then sent an e-mail telling of the virus that comes in through the powerline. This one was obviously someone who thought the modem virus was pretty bogus and decided to have a little fun. This seems to be the birth of the computer virus hoaxes that we all have to enjoy today. This information came from a site that I found while researching this article <http://hoaxbusters.ciac.org>. This site has a wealth of information on many of the hoaxes that abound as well as quite a few links to fixes for some of the operating system vulnerabilities.

One of the more common hoaxes that is going around these days refers to a file that could be on your computer and will lie dormant until it becomes active on June 1^st. The file in question, SULFNBK.EXE, is a Microsoft Windows utility that is used to restore long file names. This file could become infected by any number of viruses that infect exe files but its’ existence alone does not mean that you have a virus. This hoax was started sometime in April of 2001 and has been going strong since then. I am constantly amazed at how many people have received this message and then carried out the instructions as well as forwarding the message without the slightest effort to check it out. 

Many of the hoaxes as well as the chain letters seem to have a life of their own on AOL. One of my favorites would have to be the America Online Flashnews Hoax. This e-mail was written as a letter from Steve Case, Chairman of AOL. It went into a short explanation that a former employee had left a virus in their database that had breached the AOL system. The letter went on to say that AOL needed the help of the members to correct the problem and if they would simply Reply to the message and enter their logon password, AOL would be able to correct the problem. This is something that AOL as well as any other ISP that is worth a flip would never do. If you have ever talked to the tech support people at one of these places you would know that it is next to impossible to get them to divulge a password to you over the phone. Most of the times they do not have access to the password and the only thing that they can do is to reset it with a new one. Never give your password to anyone on the phone or through an e-mail. There is no reason that anyone should need to know your password except for me when I am trying to get into your system so I can fix it.

There are too many hoaxes to list all of them here so if you get one of these e-mails take a minute to think about it before you forward it to everyone you know. Take a key phrase from the e-mail and look it up at one of the Antivirus vendors Websites. Search for the phrase on your favorite search engine. If you look up SULFNBK.EXE on Google you will get about 11,400 hits. The first page includes links to Norton, McAfee, F-Secure and Hoaxbusters all with information about the e-mail hoax. If you are not able to get the information from the vendor sites or the search engines, forward the message to your computer security manager to validate. Most of the IT managers would rather have you send it to them first instead of clogging the mail system with junk mail. If you send it to 10 people and they send it to 10 people and so on for 6 generations you will have created about 1,000,000 e-mails. Then we can start counting the cash for all the wasted time.