[Cybertalk logo] Copyright (c) 1998 by Timothy C. Barmann. This article is intended for personal viewing only and may not be re-distributed in any form. Please e-mail link requests.

March 29, 1998

April Fools' Day likely to
bring outbreak of virus hoaxes

By Timothy C. Barmann

Perhaps you also got the ominous E-mail message that Mary Lynn Poole received. It warned of some especially devious and malicious viruses circulating on the Internet.

The message cautioned against reading any E-mail with the subject "JOIN THE CREW" because doing so will erase your hard drive, the warning said. It also said to immediately delete any message with the subject "RETURNED OR UNABLE TO DELIVER." Reading those messages could cause a virus to "attach itself to your computer components and render them useless," the warning said.

Pretty scary stuff, Poole thought. She's a Providence software developer and she's been hit with a virus before. This one sounded real, she said, especially since it was forwarded to her by a Brown University professor.

So she forwarded the warning to dozens of her colleagues. At the top of it, she wrote, "I received this from Brown University and am passing this along to everyone."

It turns out that the virus warning was phony. And Poole unwittingly helped to spread another virus hoax.

There are a plethora of virus hoaxes and fabricated stories that continually get passed through the Internet, usually by well-meaning people.

The details change somewhat over time, but the message is usually the same: there's an evil virus going around and your computer is in imminent danger; tell everyone you know.

Viruses certainly exist and precautions should be taken against them. But it seems that you are much more likely to get a virus hoax than a real one. The U.S. Energy Department's computer-response team, called CIAC, says it spends more time debunking virus hoaxes that it does in handling real viruses.

With April Fools' Day just around the corner, there's a good chance you might find one of these fabrications in your E-mail box.

Some of them make for interesting reading. Take the "Internet Downtime" alert.

"As many of you know, each leap year the Internet must be shut down for 24 hours in order to allow us to clean it," the unsigned message says. "The cleaning process, which eliminates dead email and inactive FTP, WWW and gopher sites, allows for a better-working and faster Internet."

The message goes on to instruct you not to connect to the Internet on the day the "cleaning" takes place. "During that 24-hour period, five powerful Internet-crawling robots situated around the world will search the Internet and delete any data that they find."

Of course, there is no such maintenance. If no computers connect to the Internet on a particular day, there would be nothing to "clean."

Then there is the America Online "cookie" hoax message. That warning was purportedly written by a former AOL programmer. He wrote that he and other AOL employees were fired when they discovered that the on-line giant had supposedly included a sinister feature in its latest connection software: the ability to explore its subscriber's hard drives. AOL quickly dispelled that rumor, and experts agreed that it would be impossible to access a subscriber's hard drive in the method the warning described.

How do these things get started?

The Daily Telegraph of London reported in September 1996 that one such hoax was originated by the former head of electronic publishing at Penguin Books. The executive sent out a bogus letter to newspapers and televisions stations with claims that a virus called "Irina" was being passed along through E-mail messages which, like the others, would do terrible things to your computer.

The newspaper reported that Penguin had done it as a publicity stunt to draw attention to an interactive book called Irina.

Many of these hoaxes play on the paranoia most people have about catching a real computer virus, which in fact can cause the kind of damage that some of the hoaxes describe.

What makes some of them believable, such as the "join the crew" warning that Poole received is that it is possible to catch a "macro" virus from an E-mail message.

While traditional viruses hide themselves inside computer programs, which have to be executed in order in infect a computer, "macro" viruses hide inside mini-programs that are attached to word processing documents and spreadsheets.

But you can't get a macro virus just by reading an E-mail message. You have to open up a word processing program or a spreadsheet program and load the document attached to the E-mail in order to become infected.

So how can you tell the real warnings from the hoaxes?

A good clue is if the warning has a lot of exclamation points and uses all capital letters: "DON'T DOWNLOAD AOL 4.0 UNDER ANY CONDITION !!!" (That's from the America Online "cookie" hoax.)

Hoaxes usually urge you to pass it along to as many people as possible.

The Department of Energy's CIAC response team Web site says that successful hoaxes often have two features: technical-sounding language, and credibility by association.

Take one of the most famous hoaxes, "Good Times," which has been circulating since 1994. "If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor."

CIAC says that is just nonsense.

The "join the crew" hoax that Poole received certainly had credibility. The warning claimed that both IBM and AOL had issued warnings about the supposed E-mail virus. To top it off, Poole received it from a Brown professor, who believed it came from the university's computer center.

That professor, however, learned later that the message originated from a secretary and not from the computer center, according to Poole.

The CIAC recommends that rather than circulate virus warnings you get, instead notify your computer system security administrator, or your Internet service provider.

You can also just do some research. Check out some of the credible sources of virus information, such as the Web sites listed below.

If you don't investigate these dire warnings before passing them along to your friends, its possible you have already caught the "gullibility virus."

Timothy C. Barmann is a Journal-Bulletin staff writer. His column runs every other Sunday on the Computers and Technology page. Send him comments via e-mail at tim@cybertalk.com or U.S. mail, c/o the Journal-Bulletin, 75 Fountain St., Providence, R.I. 02902.