A computer virus hoax is a message warning the recipients of a non-existent computer virus threat. The message is usually a chain e-mail that tells the recipients to forward it to everyone they know, but it can also be in the form of a pop-up window. [1] [2]
Most hoaxes are sensational in nature and easily identified by the fact that they indicate that the virus will do nearly impossible things, like blow up the recipient's computer and set it on fire, or less sensationally, delete everything on the user's computer. They often include fake announcements claimed to originate from reputable computer organizations together with mainstream news media. These bogus sources are quoted in order to give the hoax more credibility. Typically, the warnings use emotive language, stress the urgent nature of the threat and encourage readers to forward the message to other people as soon as possible. [2]
Virus hoaxes are usually harmless and accomplish nothing more than annoying people who identify it as a hoax and wasting the time of people who forward the message. Nevertheless, a number of hoaxes have warned users that vital system files are viruses and encourage the user to delete the file, possibly damaging the system. Examples of this type include the jdbgmgr.exe virus hoax and the SULFNBK.EXE hoax. [3] [4]
Some consider virus hoaxes and other chain e-mails to be a computer worm in and of themselves. They replicate by social engineering—exploiting users' concern, ignorance, and disinclination to investigate before acting.
Hoaxes are distinct from computer pranks, which are harmless programs that perform unwanted and annoying actions on a computer, such as randomly moving the mouse, turning the screen display upside down, etc.
Anti-virus specialists agree that recipients should delete virus hoaxes when they receive them, instead of forwarding them. [5] [6]
McAfee says:
We are advising users who receive the email to delete it and DO NOT pass it on as this is how an email HOAX propagates. [5]
F-Secure recommends:
Do not forward hoax messages.
Hoax warnings are typically scare alerts started by malicious people – and passed on by innocent individuals that think they are helping the community by spreading the warning.
Corporate users can get rid of the hoax problem by simply setting a strict company guideline: End users must not forward virus alarms. Ever. It's not the job of an end user anyway. If such message is received, end users could forward it to the IT department but not to anyone else. [6]
 |
| Name | Alias(es) | Origin | Author | Description |
|---|---|---|---|---|
| Antichrist | (none) | United Kingdom | Dylan Nicholas | A hoax that warned about a supposed virus discovered by Microsoft and McAfee named "Antichrist", telling the user that it is installed via an e-mail with the subject line: "SURPRISE?!!!!!!!!!!" after which it destroys the zeroth sector of the hard disk, rendering it unusable. [7] |
| AF/91 | April Fool's 1991 | United States | John Gantz | A 1991 InfoWorld article detailing a cyberweapon developed by the United States Intelligence Community for use against Iraq during the Gulf War, capable of "eating" a user's windows, that had spread past its intended target and "mutated" to be able to destroy the display of any computer with windowing technology, namely Windows 3.0. Intended as an April Fools' Day joke and never actually existed, but was mistakenly reported as a real cyberweapon (albeit without mentions of the spread and mutation) by several news organizations well into the early 2000s. [8] |
| Black in the White House | Black Muslim in the White House | Unknown | A chain message beginning around 2006. It begins with the message warning of a virus that hides in an attachment labeled "Black in White House" or something similar, saying that if the user opens it, then it opens an Olympic Torch that burns down the C disk. [9] | |
| Budweiser Frogs | BUDSAVER.EXE | Unknown | Unknown | Would supposedly erase the user's hard drive and steal the user's screen name and password. [10] |
| Goodtimes virus | (none) | Unknown | Unknown | Warnings about a computer virus named "Good Times" began being passed around among Internet users in 1994. Was supposedly transmitted via an email bearing the subject header "Good Times" or "Goodtimes," hence the virus's name, and the warning recommended deleting any such email unread. The virus described in the warnings did not exist, but the warnings themselves, were, in effect, virus-like. [11] |
| Invitation attachment | (Allright now/I'm just sayin) | United States | Jim Flanagan | An e-mail spam in 2006 that advised computer users to delete an email, with any type of attachment that stated "invitation" because it was a computer virus. This is also known as the Olympic Torch virus hoax (see below). [12] |
| Jdbgmgr.exe | (bear.a) | Unknown | Unknown | Involved an e-mail spam in 2002 that advised computer users to delete a file named jdbgmgr.exe because it was a computer virus. jdbgmgr.exe, which had a little teddy bear-like icon (The Microsoft Bear), was actually a valid Microsoft Windows file, the Debugger Registrar for Java (also known as Java Debug Manager, hence jdbgmgr). [3] |
| Life is beautiful | Life is wonderful | Brazil (first reported) | Supposedly a hacker with the alias "Life owner" or "Dono da vida" | Spread through the Internet around January 2001. It was a virus attached to an e-mail, which was spread around the Internet. The attached file was supposedly called "Life is beautiful.pps" or "La vita è bella.pps". [13] |
| NVISION DESIGN, INC. games ("Frogapult," "Elfbowl") | Sometimes included their other game "Y2KGame" | Unknown | Unknown | Programs were actual, legitimate computer games; author claimed that they were viruses which would "wipe out" the user's hard drive on Christmas. [14] |
| Olympic Torch | "Postcard" or "Postcard from Hallmark" | Unknown | Unknown | A series of e-mails first sent in February 2006. The "virus" referred to by the e-mail does not actually exist. The hoax e-mail warns recipients of a recent outbreak of "Olympic Torch" viruses, contained in e-mails titled "Invitation", which erase the hard disk of the user's computer when opened. The hoax email further purports the virus to be acknowledged by such reputable sources as CNN, McAfee, and Microsoft as one of the most dangerous viruses yet reported. This email, which was started in February 2006, is safe to delete when the user wants. [12] |
| SULFNBK.EXE Warning | none | Unknown | Unknown | SULFNBK.EXE (short for Setup Utility for Long File Name Backup) is an internal component of the Microsoft Windows operating system (in Windows 98 and Windows Me) for restoring long file names. The component became famous in the early 2000s as the subject of an e-mail hoax. The hoax claimed that SULFNBK.EXE was a virus, and contained instructions to locate and delete the file. While the instructions worked, they were needless and (in some rare cases, for example, when the long file names are damaged and need to be restored) can cause disruptions, as SULFNBK.EXE is not a virus, but instead an operating system component. [4] |
A telephone scam, commonly operated from call centres based in India, has been active since 2008. The victim is quoted his or her name and address, and is told: "I'm calling for Microsoft (or an entity that sounds like it is connected to Microsoft, such as the "Windows Service Center" or "Windows Technical Department"). We've had a report from your internet service provider of serious virus problems from your Windows computer." The victim is then directed to open the Windows event viewer, which displays apparently critical warnings, and is directed to a website to download an application to allow the scammer to control his or her computer remotely. The caller supposedly fixes the problems and demands a fee for the service. In addition to the fraudulent fee, the process usually enables malware to be uploaded to the victim's computer. [15]
The virus hoax has become part of the culture of the twenty-first century and the gullibility of novice computer users convinced to delete files on the basis of hoaxes has been parodied in several popular jokes and songs.
One such parody is "Weird Al" Yankovic's song "Virus Alert" from the album Straight Outta Lynwood . The song makes fun of the exaggerated claims that are made in virus hoaxes, such as legally changing your name or opening a rift in time and space. [16]
Another parody of virus hoaxes is the honor system virus which has been circulated under the name Amish Computer Virus, manual virus, the Blond Computer Virus, the Irish Computer Virus, the Syrian Computer Virus, the Norwegian Computer Virus, Albanian Virus, Newfie Virus, the Unix Computer Virus, the Mac OS 9 virus, Discount virus and many others. This joke email claims to be authored by the Amish or other similar low-technology populations who have no computers, programming skills or electricity to create viruses and thus ask users to delete their own hard drive contents manually after forwarding the message to their friends. [17]
The Tuxissa virus is another parody of the virus hoax, based on the concept of the Melissa virus, but with its aim of installing Linux on the victim's computer without the owner's permission. The story says that it was spread via e-mail, contained in a message titled "Important Message About Windows Security". It was supposed to first spread the virus to other computers, then download a stripped-down version of Slackware and uncompress it onto the hard disk. The Windows Registry is finally deleted and the boot options changed. The virus then reboots the computer, leaving the user facing the Linux login prompt with all their Windows security problems solved. [18]
The Goodtimes virus, also styled as Good Times virus, was a computer virus hoax that spread during the early years of the Internet's popularity. Warnings about a computer virus named "Good Times" began being passed around among Internet users in 1994. The Goodtimes virus was supposedly transmitted via an email bearing the subject header "Good Times" or "Goodtimes", hence the virus's name, and the warning recommended deleting any such email unread. The virus described in the warnings did not exist, but the warnings themselves were, in effect, virus-like. In 1997 the Cult of the Dead Cow hacker collective announced that they had been responsible for the perpetration of the "Good Times" virus hoax as an exercise to "prove the gullibility of self-proclaimed 'experts' on the Internet".
A chain letter is a message that attempts to convince the recipient to make a number of copies and pass them on to a certain number of recipients. The "chain" is an exponentially growing pyramid that cannot be sustained indefinitely.
Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Blaster was a computer worm that spread on computers running operating systems Windows XP and Windows 2000 during August 2003.
AIDS is a DOS computer virus which overwrites COM files.
Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.
Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.
SULFNBK.EXE is an internal component of the Microsoft Windows operating system for restoring long file names.
Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Tuxissa is a fictional computer virus hoax made up by Humorix, a humor website on Linux.
Bad Times is a computer virus hoax sent out by e-mail. This "virus" does not actually exist, and the "warning" is meant to parody the alarmist message that spread the hoax of the Goodtimes virus hoax.
CTX is a computer virus created in Spain in 1999. CTX was initially discovered as part of the Cholera worm, with which the author intentionally infected with CTX. Although the Cholera worm had the capability to send itself via email, the CTX worm quickly surpassed it in prevalence. Cholera is now considered obsolete, while CTX remains in the field, albeit with only rare discoveries.
The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.
W32.Navidad is a mass-mailing worm program or virus, discovered in December 2000 that ran on Windows 95, Windows 98, Windows NT, and Windows 2000 systems. It was designed to spread through email clients such as Microsoft Outlook while masquerading as an executable electronic Christmas card. Infected computers can be identified by blue eye icons which appear in the Windows system tray.
Security and Maintenance is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.
The Storm Worm is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:
Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.
The Pikachu virus, also referred to as Pokey or the Pokémon virus, was a computer worm believed to be the first malware geared at children, due to its incorporation of Pikachu, a creature from the Pokémon media franchise. It was considered similar to the Love Bug, albeit slower in its spread and less dangerous.
Zeus is a Trojan horse malware package that runs on versions of Microsoft Windows. It is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command prompt or Event viewer to make the user believe that their computer is infected.
The jdbgmgr.exe virus hoax involved an e-mail spam in 2002 that advised computer users to delete a file named jdbgmgr.exe because it was a computer virus. jdbgmgr.exe, which had a little teddy bear like icon, was actually a valid Microsoft Windows file, the Debugger Registrar for Java.