Viruses, Hoaxes and Other Gremlins from the Internet
By Raan Young
Raan Young is a founding member of O4R, former board member, and an assistant editor for Pro Facto. He works as a computer system/network consultant and has been involved with issues of system and network security for 15 years.
A computer virus, by strict definition, is a program which attaches itself to an existing legitimate program and is then executed by an unsuspecting user. The virus’s “payload” might range from reformatting the hard drive to giving a pop-up message, but the defining action is that it looks for other programs to infect—this is how it propagates.
In the current world of the Internet and e-mail, the term “computer virus” now includes several elements which are, technically, not viruses. For example, a program that spreads by e-mailing itself to other victims, but does not attach itself to existing program files, is a worm, not a virus.
A newer twist on the virus theme, and one of particular interest to skeptical readers, is the spread of virus warning hoaxes. These are e-mail warnings which purport to warn the recipients of a virus—but, in fact, the virus does not exist. These e-mails, in themselves, become a form of virus because they spread rapidly and in doing so use up resources. They can even lead the recipients to do damage to their own computers if the virus “removal” instructions are taken on faith.
Recognizing a hoax is not trivial, but there are warning signs. Over-stated claims about the destructiveness of the virus, such as that it works on all computers, is undetectable, and so on, should be suspect. Another warning sign is an appeal to authority, such as a claim that the warning was issued by the FBI, etc. In general, the guidelines for recognizing an urban myth are applicable to recognizing hoax virus warnings.
A sample hoax virus warning illustrates these points:
If you receive an e-mail with a file called “California” do not open the file. The file contains the “WOBBLER” virus. This information was announced yesterday morning by IBM. The report says that ... This is a very dangerous virus, much worse than “Melissa” and there is NO remedy for it at this time. Some very sick individual has succeeded in using the reformat function from Norton Utilities causing it to completely erase all documents on the hard drive. It has been designed to work with Netscape Navigator and Microsoft Internet Explorer. It destroys Macintosh and IBM compatible computers. This is a new, very malicious virus and not many people know about it at this time.
Note the appeal to authority (IBM), the over-stated claims about destruction (it is extremely unlikely that the “virus” could actually work on both Mac and PC computers), and the claim that there is no remedy.
An excellent source for checking the validity of a warning is the virus library website maintained by Network Associates, which allows you to look up any known virus and includes information on all known hoax warnings.
In a particularly nasty hoax currently making the rounds, the e-mail recipient is instructed to search for and remove a given file. The claim is that this file is a virus and removing the file will “cure” the infection. In reality, the file is an obscure, but valid, part of the Windows 98 package. Yet more than one insufficiently-skeptical receiver of this “warning” not only passed it on, but followed its directions and removed the file.
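The warning signs described above (appeal to authority, over-stated destructiveness, a "no remedy" claim, and instructions to find and remove a file) can be turned into a rough triage check for incoming warnings. The following is an added example, not part of the original article; the patterns, function names and the two constructed messages are assumptions, and a match means only "confirm with a knowledgeable source before acting or forwarding."

```python
import re

# Patterns are assumptions written for this example; each maps to a warning
# sign named in the article. A hit is a reason to verify, not proof of a hoax.
INDICATORS = {
    "appeal_to_authority": re.compile(
        r"\b(announced|issued|confirmed)\b.{0,30}?\bby\s+(the\s+)?(IBM|FBI)\b",
        re.I | re.S),
    "overstated_destruction": re.compile(
        r"\b(much worse than|completely erase|destroys|undetectable|"
        r"all computers)\b", re.I),
    "no_remedy": re.compile(r"\bno\s+(remedy|cure|fix)\b", re.I),
    "cross_platform_claim": re.compile(
        r"\bMac(intosh)?\b.{0,40}?\b(IBM compatible|PCs?)\b", re.I | re.S),
    "self_removal_instructions": re.compile(
        r"\b(search for|find)\b.{0,80}?\b(delete|remove)\b", re.I | re.S),
}

# Excerpt of the sample hoax quoted in the article.
WOBBLER = (
    'If you receive an e-mail with a file called "California" do not open '
    'the file. This information was announced yesterday morning by IBM. '
    'This is a very dangerous virus, much worse than "Melissa" and there is '
    'NO remedy for it at this time. It destroys Macintosh and IBM compatible '
    'computers.')
# Constructed messages (not from the article); EXAMPLE.EXE is a placeholder.
REMOVAL_HOAX = ("This warning was issued by the FBI. The virus is "
                "undetectable. Search for the file EXAMPLE.EXE and delete it.")
ROUTINE_NOTICE = ("Updated virus definitions are available. Run your "
                  "scanner's update feature to install them.")

def hoax_indicators(body):
    """Return the sorted names of the warning signs present in a message."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(body))

def triage(body, threshold=2):
    """Flag a message for verification when enough warning signs co-occur."""
    hits = hoax_indicators(body)
    verdict = "verify before acting" if len(hits) >= threshold else "no markers found"
    return verdict, hits

if __name__ == "__main__":
    for label, msg in (("wobbler", WOBBLER), ("removal", REMOVAL_HOAX),
                       ("routine", ROUTINE_NOTICE)):
        print(label, triage(msg))
```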
To avoid being part of a hoax, never pass on a warning until you have confirmed it with a knowledgeable source. Unless the warning comes from a source you know and trust (and I must emphasize that in most cases this does not include your friends), you are better off treating it with great suspicion.
It should be noted that real viruses are getting more creative. One recently discovered virus pops up a window containing a political message about strife in Africa. Another attempts to identify child pornography files on the infected computer and then sends an e-mail to the FBI reporting the computer owner. (No, the FBI does not appreciate this “help.”) Yet another virus manages to disable Norton anti-virus scanning, thus hiding itself. Nor are viruses the only form of attack on your computer. Zombies are programs that allow your computer to be taken over by a machine somewhere else on the Internet, without you even being aware this has happened.
As Dorothy once said, “I don’t think we are in Kansas anymore.”