|
|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
| (slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix | |||||||
Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80.October, 2013
Contents : Foreword : Ch01 : Ch02 : Ch03 : Ch04 : Ch05 : Ch06 : Ch07 : Ch08 : Ch09 : Ch10 : Ch11 : Ch12 : Ch13
Chapter 2: Social Aspects of Malware
Introduction
Checklist
Useful sites for checking new hoaxes
Some known hoaxes
"Join the Crew" Virus
Deeyenda Virus
Ghost.exe Warning
Supplement 1. Example of the header of CIAC bulletin
No snowflake in an avalanche ever feels responsible
- Stanislaus Lezczynski
Hoaxes can be viewed as a special kind of junk mail that parasite of panic reaction of many people assiciated with viruses. Most hoaxes contains information about non-existent computer viruses and/or Trojans. Sometimes bits of true information is mixed with large doze of fantasy.
Hoaxes are usually distributed via e-mail and often get inside large organizations e-mail systems. These hoaxes are as time consuming and costly to handle as real virus infections. Users are requested not to spread unconfirmed warnings about viruses and Trojans. If you receive an invalidated warning, don't resend it without checking with the HELPDESK and/or LAN support personnel.
The most popular 1997 hoaxes seems to be "Join the Crew" and "PenPaL". All known hoaxes are based on an implicit assumption that opening e-mail message will execute some malicious code (so called Trojan). While such concern is in general valid, this is NOT true for Netscape Messenger and Lotus Notes Mail as well as current versions of all other popular e-mail agents. Only non-patched version of Outlook 97 exhibited such behavior of the past.
For a Trojan hoarse to act or virus to spread, it must be executed. Reading a mail message can execute it only if the message is in HTML and full capabilities of HTML (JavaScript and Java) are enabled for messaging. For Microsoft additional danger represents AcriveX controls. Now the standard configuration usually exclude the possibility of such execution and in most corporation it is additionally hardened beyond blocking such execution.
Usually only explicit opening of attachments present some real danger. Typical example of such an execution is opening of a MS Word attachment. In this case if document contain auto-macros they will be executed and this is the way by which the macro viruses are propagated. Reading E-mail, using typical mail agents (such as Ms Mail, Notes, Netscape Navigator, etc.), will not activate malicious code even if it is delivered in or with the message.
The following checklist is useful for detecting hoaxes:
As for organization people tend to believe the warning from federal organizations or large computer companies(IBM, HP, etc.), because they should know about those things. One need to understand that even if message is not faked, in any large organization there are a lot of pople who do not have any undestanding of computer technology and that are eager to help others to avoid dangers ;-).
CIAC signature is available at the CIAC home page: http://ciac.llnl.gov/ You can find the addresses of other response teams by connecting to the FIRST web page at: http://www.first.org. If there is no PGP signature, see if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus. Ask if he/she is passing on a rumor. If the address of the person does not exist or if there is any questions about the authenticity or the warning, consider it a hoax. Instead, send the warning about this hoax to the HELPDESK. Do not send it out to the world.
In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. For example checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300 since there is no released version 3 of PKZip.
The hoax exists in a dosen of variants. Here is the variant that was found recently:
Please pass onto your staff!
WARNING!!! If you receive an e-mail titled "JOIN THE CREW" DO NOT open it! It will erase EVERYTHING on your hard drive! Send this letter out to as many people you can....this is a new virus and not many people know about it! This message was received this morning from IBM,and the Army National Guard, please share it with anyone that might access the Internet.
Several other variants exist. For example:
IMPORTANT - VIRUS Alert!!!
Take note !
Someone got an email, titled as JOIN THE CREW. It has erased his hard drive. Do not open up any mail that has this title. It will erase your whole hard drive.
This is a new email virus and not a lot of people know about it, just let everyone know, so they won’t be a victim. Please e-mail this to everyone you know!!!
Remember the title : JOIN THE CREW
First 2-3 sentences of the message can vary. In the latest incarnation message can be attributed to IBM. Recommendation J "Please share it with anyone that might access the Internet" can be present at the beginning of the message.
Here is one of the variants:
FYI!
Subject: Virus Alert
Importance: High
If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT
reading it. Below is a little explanation of the message, and what it would
do to your PC if you were to read the message. If you have any questions or
concerns please contact SAF-IA Info Office on 697-5059.
This is a warning for all internet users - there is a dangerous virus
propagating across the Internet through an e-mail message entitled "PENPAL
GREETINGS!".
DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"
This message appears to be a friendly letter asking you if you are
Interested in a PenPaL, but by the time you read this letter, it is too late.
The "Trojan horse" virus will have already infected the boot sector of your hard
drive, destroying all of the data present. It is a self-replicating virus,
and once the message is read, it will AUTOMATICALLY forward itself to anyone
who's e-mail address is present in YOUR mailbox!
This virus will DESTROY your hard drive, and holds the potential to DESTROY
the hard drive of anyone whose mail is in your inbox, and who's mail is in
their inbox, and so on. If this virus remains unchecked, it has the potential
to do a great deal of DAMAGE to computer networks worldwide!!!!
Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!
And pass this message along to all of your friends and relatives, and the
other readers of the newsgroups and mailing lists which you are on, so that
they are not hurt by this dangerous virus!!!!
**********VIRUS ALERT**********
VERY IMPORTANT INFORMATION, PLEASE READ!
There is a computer virus that is being sent across the Internet. If
you receive an email message with the subject line "Deeyenda", DO NOT
read the message, DELETE it immediately!
Some miscreant is sending email under the title "Deeyenda" nationwide,
if you get anything like this DON'T DOWNLOAD THE FILE! It has a virus
that rewrites your hard drive, obliterates anything on it. Please be
careful and forward this e-mail to anyone you care about.
Please read the message below.
Alex
-----------
FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET
The Internet community has again been plagued by another computer
virus. This message is being spread throughout the Internet, including
USENET posting, EMAIL, and other Internet activities. The reason for
all the attention is because of the nature of this virus and the
potential security risk it makes. Instead of a destructive Trojan
virus (like most viruses!), this virus referred to as Deeyenda Maddick,
performs a comprehensive search on your computer, looking for valuable
information, such as email and login passwords, credit cards, personal
inf., etc.
The Deeyenda virus also has the capability to stay memory resident
while running a host of applications and operation systems, such as
Windows 3.11 and Windows 95. What this means to Internet users is that
when a login and password are send to the server, this virus can copy
this information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies).
The reason for this warning is because the Deeyenda virus is virtually
undetectable. Once attacked your computer will be unsecure. Although
it can attack any O/S this virus is most likely to attack those users
viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet
Explorer 3.0+ which are running under Windows 95). Researchers at
Princeton University have found this virus on a number of World Wide
Web pagesand fear its spread.
Please pass this on, for we must alert the general public at the
security risks.
Variant1
Here is some important information. Beware of a file called Goodtimes.
Happy Chanukah everyone, and be careful out there. There is a virus on
America Online being sent by E-Mail. If you get anything called "Good Times",
DON'T read it or download it. It is a virus that will erase your hard drive.
Forward this to all your friends. It may help them a lot.
Variant2
The FCC released a warning last Wednesday concerning a matter of
major importance to any regular user of the InterNet. Apparently,
a new computer virus has been engineered by a user of America
Online that is unparalleled in its destructive capability. Other,
more well-known viruses such as Stoned, Airwolf, and Michaelangelo
pale in comparison to the prospects of this newest creation by a
warped mentality.
What makes this virus so terrifying, said the FCC, is the fact that
no program needs to be exchanged for a new computer to be infected.
It can be spread through the existing e-mail systems of the
InterNet. Once a computer is infected, one of several things can
happen. If the computer contains a hard drive, that will most
likely be destroyed. If the program is not stopped, the computer's
processor will be placed in an nth-complexity infinite binary loop
- which can severely damage the processor if left running that way
too long. Unfortunately, most novice computer users will not
realize what is happening until it is far too late.
The Ghost.exe program was originally distributed as a free screen saver containing some advertising information for the author's company (Access Softek). The program opens a window that shows a Halloween background with ghosts flying around the screen. On any Friday the 13th, the program window title changes and the ghosts fly off the window and around the screen. Someone apparently got worried and sent a message indicating that this might be a Trojan. The warnin g grew until the it said that Ghost.exe was a Trojan that would destroy your hard drive and the developers got a lot of nasty phone calls (their names and phone numbers were in the About box of the program.) A simple phone call to the number listed in the program would have stopped this warning from being sent out. The original ghost.exe program is just cute; it does not do anything damaging. Note that this does not mean that ghost could not be infected with a virus that does do damage, so the normal antivi rus procedure of scanning it before running it should be followed.
Subject: security breached by NaughtyRobot
This message was sent to you by NaughtyRobot, an Internet spider that
crawls into your server through a tiny hole in the World Wide Web.
NaughtyRobot exploits a security bug in HTTP and has visited your host
system to collect personal, private, and sensitive information.
It has captured your Email and physical addresses, as well as your phone
and credit card numbers. To protect yourself against the misuse of this
information, do the following:
1. alert your server SysOp,
2. contact your local police,
3. disconnect your telephone, and
4. report your credit cards as lost.
Act at once. Remember: only YOU can prevent DATA fires.
This has been a public service announcement from the makers of
NaughtyRobot -- CarJacking its way onto the Information SuperHighway.
It has been two years since the "Good Times" email virus hoax was launched (See the Good Times Virus Hoax)and we're continuing to see new hoaxes patterned after this lame old hoax. The MMF (Make Money Fast) (hoax) warning is almost a direct copy of "Good Times" while Irina was apparently an
ill-advised publicity stunt.
The so-called "Irina virus" is a hoax. You may receive warnings about a "deadly new virus called Irina". Just as with "Good Times", there is a claim that this virus spreads via email and it's also claimed that it will damage your CPU. (Something that isn't possible to do via software.). This hoax apparently began as part of a media campaign in the UK. According to Graham Cluley of S&S (UK): "The entire hoax was orchestrated by Penguin Books as a publicity stunt for a new interactive book called "Irina".
According to the Daily Telegraph, Guy Gadney (the former head of electronic publishing at Penguin) sent out a bogus letter to newspapers and television stations giving a warning about the "Irina" virus. The message claimed to be from Professor Edward Pridedaux of the College of Slavonic Studies in London.
Prideaux is one of the main characters in the Irina book Penguin is planning to launch. Some newspapers received six copies of the bogus letter, all signed by Professor Prideaux, but making no mention of Penguin Books, a publicity campaign or that the warning was a PR stunt.
The hoax was eventually traced back to Penguin via the
envelopes used. The College of Slavonic Studies does not exist. But London's
School of Slavonic and East European Studies said it had been inundated with
calls to the fictitious Professor Prideaux."
According to virus myths expert, Rob Rosenberger, the first warnings came from a man named Lance Clarke, who claimed computers could contract this virus if a user read a UseNet message where the phrase "MAKE MONEY FAST" appears in the subject line. Lance Clarke admits he concocted the warning message as a hoax. He used the Good Times urban legend as the foundation for his MMF alert message. Clarke apparently got the idea from another person on UseNet's alt.folklore.urban newsgroup who jokingly said "I'm thinking about spreading the Good Times newbie-gooser around with a new title: 'The MAKE MONEY FAST Virus.'"
If you have been active on newsgroups or have simply had an email address for some time you have probably been receiving messages telling you how you can "Make Money Fast". This gets to be rather annoying for many of us and the hoax was no doubt a reaction to this annoyance.
-----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
………………………………….
< text of the message>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMzbOf7nzJzdsy3QZAQGbuAP/cWI0IQNicMjjodPXtF3ypgEEjwMTNO08
9GrGv4Ayrj8pkWa0hzP4zGU/5JSXiH4hUqEeNzfXUTOX7twi1SJsOdlMU1RBiTrx
GmaHzK3zpe5Q/uI0poRjpcFOAKjc7lKU8vjJGNsE61Ws7rp8UAfEYzopYLOmel3I
4lLxcoGYAcg=
=WXhU
-----END PGP SIGNATURE-----
Copyright 1998, Nikolai Bezroukov. Standard disclaimer applies. As long as this copyright notice is preserved, and any changes are clearly marked as such, the author gives his consent to republish and mirror this text.
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: March 12, 2019
