I don’t, in general, have much time for virus writers: not, at any rate, the guys who can’t keep their creations to themselves, and don’t care if they cause damage. They’re not all like that, of course: I’ve talked to virus writers who seem nice enough guys, and even to some who are almost as clever as they think they are. Cyber criminals, scammers, phishing gangs and so on, preying on the rest of us, are contemptible, but in a society that equates worth with wealth, theft is understandable. But I sometimes like to think that there is a special corner of hell reserved for hoaxers who make themselves feel special by exploiting the good intentions of other people, for instance by getting them to spread chain mail in the belief that they’re doing something that benefits others. Some hoaxes (or semi-hoaxes) arise out of genuine misunderstandings and misconceptions, of course. However, many are started by an individual who feels that he’s proved himself superior to the rest of us, every time his victims are made to feel stupid when they realize they’ve been hoaxed.
Virus hoaxes have been around almost as long as computer viruses: in fact, I sometimes think the hoaxes will outlive the real thing. I’ve seen some instances this week of one that’s quite interesting, though: it actually gives as "corroboration" a link to snopes.com, where many a hoax is described. The trouble is that the Snopes link actually describes a series of emails spammed out last summer in a bid to spread our old friend Nuwar, whereas the "virus" described by the hoax mail is largely a recycling of the old "Olympic Torch" hoax, and is described like this:
"You should be alert during the next few days. Do not open any message with an attachment entitled ‘POSTCARD,’ regardless of who sent it to you.
It is a virus which opens A POSTCARD IMAGE, which ‘burns’ the whole hard disc C of your computer.
This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.
If you receive a mail called’ POSTCARD,’ even though sent to you by a friend, do not open it.! Shut down your computer immediately.
This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus.
This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept."
Some versions of this hoax, however, do something even more interesting. They include "instructions" on how to forward email "properly". Some of the advice is naive, some is OK. In fact, checking a virus alert before you forward it is a pretty good idea, though in the corporate world, we tend to think that it’s an even better idea not to forward even a genuine alert unless you’re authorized to. It even suggests that you check out virus alerts with snopes.com. Unfortunately, it then suggests that the advice is so good that it should be forwarded to everyone you know. Well, there may be occasions where a chain letter is justified, but this isn’t it.
Of course, here at ESET we mostly focus on real malware rather than viruses that don’t actually exist. However, much of my previous career has been concerned with hoax management, and I plan to return to this subject before too long.
Update: hopefully, no-one is going to read this and think, "Oh, so virtual postcards aren’t a threat then." Especially if they read Randy’s posts last year about the problems with eCards, eVites and other eVils. But just to reinforce the point, I notice that we’re enjoying another wave of Nuwar/Storm mails with subjects like "Someone sent you an ecard!" or "We have an ecard greeting for you." Happily, even Storm isn’t going to set fire to your hard disk, but there are plenty of other unhappy consequences of being "botted" (bot-infected). Normal cautions and caveats apply….
Author David Harley, ESET