U.S. Department of Energy Computer Incident Advisory Capability Hoaxes

Internet Hoaxes

Hoaxes described on this page: PKZ300, Irina, Good Times, Good Times Spoof,
Deeyenda, Ghost , PENPAL GREETINGS!, Make Money Fast, NaughtyRobot,
AOL4FREE, Join the Crew

Last modified: Tuesday, 05-Aug-97 12:12:00 PDT You are the 351215th
visitor to this page.

For information on Internet Chain Letters, check the New CIAC web page
located at http://ciac.llnl.gov/ciac/CIACChainLetters.html

The Internet is constantly being flooded with information about computer
viruses and Trojans. However, interspersed among real virus notices are
computer virus hoaxes. While these hoaxes do not infect systems, they are

still time consuming and costly to handle. At CIAC, we find that we are
spending much more time de-bunking hoaxes than handling real virus
incidents. This page describes many of the hoax warnings that are found on
the Internet today. We will also address some of the history of hoaxes on
the Internet, how to identify a new hoax warning, how to identify a
validated warning and what to do if you think a message is a hoax.

Users are requested to please not spread unconfirmed warnings about viruses
and Trojans. If you receive an unvalidated warning, don’t pass it to all
your friends, pass it to your computer security manager to validate first.
Validated warnings from the incident response teams and antivirus vendors
have valid return addresses and are usually PGP signed with the
organization’s key.

—————————————————————————-

PKZ300 Warning

The PKZ300 Trojan is a real Trojan program, but the initial warning about it
was released over a year ago. For information pertaining to PKZ300 Trojan
reference CIAC Notes issue 95-10, at
http://ciac.llnl.gov/ciac/notes/Notes10.shtml that was released in June of
1995. The warning itself, on the other hand, is gaining urban legend status.
There has been an extremely limited number of sightings of this Trojan and
those appeared over a year ago. Even though the Trojan warning is real, the
repeated circulation of the warning is a nuisance. Individuals who need the
current release of PKZIP should visit the PKWare web page at
http://www.pkware.com. CIAC recommends that you DO NOT recirculate the
warning about this particular Trojan.

The following is the true warning about PKZ300 from the PKWare web site:

!!! PKZIP Trojan Horse Version – (Originally Posted May 1995) !!!

It has come to the attention of PKWARE that a fake version of PKZIP is being
distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an offical version from
PKWARE and it will attempt to erase your hard drive if run. It attempts to
perform a deletion of all the directories of your current drive. If you have
any information as to the creators of this trojan horse, PKWARE would be
extremely interested to hear from you. If you have any other questions about
this fake version, please e-mail support@pkware.com

—————————————————————————-

Irina Virus Hoax

The “Irina” virus warnings are a hoax. The former head of an electronic
publishing company circulated the warning to create publicity for a new
interactive book by the same name. The publishing company has apologized for
the publicity stunt that backfired and panicked Internet users worldwide.
The original warning claimed to be from a Professor Edward Pridedaux of the
College of Slavic Studies in London; there is no such person or college.
However, London’s School of Slavonic and East European Studies has been
inundated with calls. This poorly thought-out publicity stunt was highly
irresponsible. For more information pertaining to this hoax, reference the
UK Daily Telegraph at http://www.telegraph.co.uk. The original hoax message
is as follows:

FYI
There is a computer virus that is being sent across the Internet.
If you receive an e-mail message with the subject line “Irina”, DONOT
read the message. DELETE it immediately.
Some miscreant is sending people files under the title “Irina”. If
you receive this mail or file, do not download it. It has a virus
that rewrites your hard drive, obliterating anything on it. Please be
careful and forward this mail to anyone you care about.

( Information received from the Professor Edward Prideaux, College of
Slavonic Studies, London ).

—————————————————————————-

Good Times Virus Hoax

The “Good Times” virus warnings are a hoax. There is no virus by that name
in existence today. These warnings have been circulating the Internet for
years. The user community must become aware that it is unlikely that a virus
can be constructed to behave in the manner ascribed in the “Good Times”
virus warning.

CIAC first described the Good Times Hoax in CIAC NOTES 94-04c released in
December 1994 and described it again in CIAC NOTES 95-09 in April 1995. More
information is in the Good_Times FAQ
(http://www-mcb.ucdavis.edu/info/virus.html) written by Les Jones.

The original “Good Times” message that was posted and circulated in November
and December of 1994 contained the following warning:

Here is some important information. Beware of a file called Goodtimes.
Happy Chanukah everyone, and be careful out there. There is a virus on
America Online being sent by E-Mail. If you get anything called “Good Times”,
DON’T read it or download it. It is a virus that will erase your hard drive.
Forward this to all your friends. It may help them a lot.

Soon after the release of CIAC NOTES 04, another “Good Times” message was
circulated. This is the same message that is being circulated during this
recent “Good Times” rebirth. This message includes a claim that the Federal
Communications Commission (FCC) released a warning about the danger of the
“Good Times” virus, but the FCC did not and will not ever issue a virus
warning. It is not their job to do so. See the FCC Public Notice 5036. The
following is the expanded “Good Times” hoax message:

The FCC released a warning last Wednesday concerning a matter of
major importance to any regular user of the InterNet. Apparently,
a new computer virus has been engineered by a user of America
Online that is unparalleled in its destructive capability. Other,
more well-known viruses such as Stoned, Airwolf, and Michaelangelo
pale in comparison to the prospects of this newest creation by a
warped mentality.

What makes this virus so terrifying, said the FCC, is the fact that
no program needs to be exchanged for a new computer to be infected.
It can be spread through the existing e-mail systems of the
InterNet. Once a computer is infected, one of several things can
happen. If the computer contains a hard drive, that will most
likely be destroyed. If the program is not stopped, the computer’s
processor will be placed in an nth-complexity infinite binary loop
– which can severely damage the processor if left running that way
too long. Unfortunately, most novice computer users will not
realize what is happening until it is far too late.

—————————————————————————-

Good Times Spoof

The following spoof of the good times hoax is too well done not to include
here. The author of this spoof is unknown, but we will gladly give him
credit if he will only contact us.

READ THIS:

Goodtimes will re-write your hard drive. Not only that, but
it will scramble any disks that are even close to your computer. It
will recalibrate your refrigerator’s coolness setting so all your ice
cream goes melty. It will demagnetize the strips on all your credit
cards, screw up the tracking on your television and use subspace field
harmonics to scratch any CD’s you try to play.

It will give your ex-girlfriend your new phone number. It
will mix Kool-aid into your fishtank. It will drink all your beer and
leave its socks out on the coffee table when there’s company coming
over. It will put a dead kitten in the back pocket of your good suit
pants and hide your car keys when you are late for work.

Goodtimes will make you fall in love with a penguin. It will
give you nightmares about circus midgets. It will pour sugar in your
gas tank and shave off both your eyebrows while dating your
girlfriend behind your back and billing the dinner and hotel room to
your Discover card.

It will seduce your grandmother. It does not matter if she
is dead, such is the power of Goodtimes, it reaches out beyond the
grave to sully those things we hold most dear.

It moves your car randomly around parking lots so you can’t
find it. It will kick your dog. It will leave libidinous messages on
your boss’s voice mail in your voice! It is insidious and subtle. It
is dangerous and terrifying to behold. It is also a rather
interesting shade of mauve.

Goodtimes will give you Dutch Elm disease. It will leave the
toilet seat up. It will make a batch of Methanphedime in your bathtub
and then leave bacon cooking on the stove while it goes out to chase
gradeschoolers with your new snowblower.

Listen to me. Goodtimes does not exist.

It cannot do anything to you. But I can. I am sending this
message to everyone in the world. Tell your friends, tell your
family. If anyone else sends me another E-mail about this fake
Goodtimes Virus, I will turn hating them into a religion. I will do
things to them that would make a horsehead in your bed look like
Easter Sunday brunch.

So there, take that Good Times.
—————————————————————————-

Deeyenda Virus Hoax

The following “Deeyenda” virus warning is a hoax. CIAC has received
inqueries regarding the validity of the Deeyenda virus. The warnings are
very similar to those for Good Times, stating that the FCC issued a warning
about it, and that it is self activating and can destroy the contents of a
machine just by being downloaded. Users should note that the FCC does not
and will not issue virus or Trojan warnings. It is not their job to do so.
As of this date, there are no known viruses with the name Deeyenda in
existence. For a virus to spread, it must be executed. Reading a mail
message does not execute the mail message. Trojans and viruses have been
found as executable attachments to mail messages, but they must be extracted
and executed to do any harm. CIAC still affirms that reading E-mail, using
typical mail agents, can not activate malicious code delivered in or with
the message.

**********VIRUS ALERT**********

VERY IMPORTANT INFORMATION, PLEASE READ!

There is a computer virus that is being sent across the Internet. If
you receive an email message with the subject line “Deeyenda”, DO NOT
read the message, DELETE it immediately!

Some miscreant is sending email under the title “Deeyenda” nationwide,
if you get anything like this DON’T DOWNLOAD THE FILE! It has a virus
that rewrites your hard drive, obliterates anything on it. Please be
careful and forward this e-mail to anyone you care about.

Please read the message below.

Alex

———–

FCC WARNING!!!!! —–DEEYENDA PLAGUES INTERNET

The Internet community has again been plagued by another computer
virus. This message is being spread throughout the Internet, including
USENET posting, EMAIL, and other Internet activities. The reason for
all the attention is because of the nature of this virus and the
potential security risk it makes. Instead of a destructive Trojan
virus (like most viruses!), this virus referred to as Deeyenda Maddick,
performs a comprehensive search on your computer, looking for valuable
information, such as email and login passwords, credit cards, personal
inf., etc.

The Deeyenda virus also has the capability to stay memory resident
while running a host of applications and operation systems, such as
Windows 3.11 and Windows 95. What this means to Internet users is that
when a login and password are send to the server, this virus can copy
this information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies).

The reason for this warning is because the Deeyenda virus is virtually
undetectable. Once attacked your computer will be unsecure. Although
it can attack any O/S this virus is most likely to attack those users
viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet
Explorer 3.0+ which are running under Windows 95). Researchers at
Princeton University have found this virus on a number of World Wide
Web pagesand fear its spread.

Please pass this on, for we must alert the general public at the
security risks.

—————————————————————————-

Ghost.exe Warning

The Ghost.exe program was originally distributed as a free screen saver
containing some advertising information for the author’s company (Access
Softek). The program opens a window that shows a Halloween background with
ghosts flying around the screen. On any Friday the 13th, the program window
title changes and the ghosts fly off the window and around the screen.
Someone apparently got worried and sent a message indicating that this might
be a Trojan. The warning grew until the it said that Ghost.exe was a Trojan
that would destroy your hard drive and the developers got a lot of nasty
phone calls (their names and phone numbers were in the About box of the
program.) A simple phone call to the number listed in the program would have
stopped this warning from being sent out. The original ghost.exe program is
just cute; it does not do anything damaging. Note that this does not mean
that ghost could not be infected with a virus that does do damage, so the
normal antivirus procedure of scanning it before running it should be
followed.
—————————————————————————-

PENPAL GREETINGS! Warning Hoax

The PENPAL GREETINGS! Hoax shown below appears to be an attempt to kill an
e-mail chain letter by claiming that it is a self starting Trojan that
destroys your hard drive and then sends copies of itself to everyone whose
address in in your mailbox. Reading an e-mail message does not run it nor
does it run any attachments, so this Trojan must be self starting. Aside
from the fact that a program cannot start itself, the Trojan would also have
to know about every different kind of e-mail program to be able to forward
copies of itself to other people. This warning is totally a hoax.

FYI!

Subject: Virus Alert
Importance: High
If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT
reading it. Below is a little explanation of the message, and what it would
do to your PC if you were to read the message. If you have any questions or
concerns please contact SAF-IA Info Office on 697-5059.

This is a warning for all internet users – there is a dangerous virus
propogating across the internet through an e-mail message entitled “PENPAL
GREETINGS!”.
DO NOT DOWNLOAD ANY MESSAGE ENTITLED “PENPAL GREETINGS!”
This message appears to be a friendly letter asking you if you are
interestedin a penpal, but by the time you read this letter, it is too late.
The “trojan horse” virus will have already infected the boot sector of your hard
drive, destroying all of the data present. It is a self-replicating virus,
and once the message is read, it will AUTOMATICALLY forward itself to anyone
who’s e-mail address is present in YOUR mailbox!
This virus will DESTROY your hard drive, and holds the potential to DESTROY
the hard drive of anyone whose mail is in your inbox, and who’s mail is in
their inbox, and so on. If this virus remains unchecked, it has the potential
to do a great deal of DAMAGE to computer networks worldwide!!!!
Please, delete the message entitled “PENPAL GREETINGS!” as soon as you see it!
And pass this message along to all of your friends and relatives, and the
other readers of the newsgroups and mailing lists which you are on, so that
they are not hurt by this dangerous virus!!!!

—————————————————————————-

Make Money Fast Hoax Warning

The Make Money Fast Warning Hoax appears to be similar to the PENPAL
GREETINGS! Warning in that it is a hoax warning message that is attempting
to kill an e-mail chain letter. While laudable in its intent, the hoax
warning has caused as much or more problems than the chain letter it is
attempting to kill.

—————————————————————————-

NaughtyRobot

Quite a few Web site administrators have received email messages that seem
to be originating from the same machine hosting the Web site. The email
headers are apparently being forged to hide the original sender of the
message. The mail being received contains the following:

Subject: security breached by NaughtyRobot

This message was sent to you by NaughtyRobot, an Internet spider that
crawls into your server through a tiny hole in the World Wide Web.

NaughtyRobot exploits a security bug in HTTP and has visited your host
system to collect personal, private, and sensitive information.

It has captured your Email and physical addresses, as well as your phone
and credit card numbers. To protect yourself against the misuse of this
information, do the following:

1. alert your server SysOp,
2. contact your local police,
3. disconnect your telephone, and
4. report your credit cards as lost.

Act at once. Remember: only YOU can prevent DATA fires.

This has been a public service announcement from the makers of
NaughtyRobot — CarJacking its way onto the Information SuperHighway.

The NaughtyRobot email message appears to be a hoax. There is no indication
that any of the problems described in the body have taken place on any
machine.

—————————————————————————-

Join the Crew

Circulating the Internet is an email message entitled “Join the Crew”. For a
virus to spread, it must be executed. Reading a mail message does not
execute the mail message. Trojans and viruses have been found as executable
attachments to mail messages, but they must be extracted and executed to do
any harm. CIAC still affirms that reading E-mail, using typical mail agents,
can not activate malicious code delivered in or with the message.

IMPORTANT – VIRUS Alert!!!

Take note !

Someone got an email, titled as JOIN THE CREW.
It has erased his hard drive.
Do not open up any mail that has this title.
It will erase your whole hard drive.
This is a new email virus and not a lot of people know about it,
just let everyone know, so they won’t be a victim.

Please e-mail this to everyone you know!!!
Remember the title : JOIN THE CREW

Variants of this email message are circulating the Internet. If you receive
an email message entitled “Join the Crew” and it has an attachment, CIAC
recommends that you delete the message and the attachment. If you receive
just the message, delete the message. Please DO NOT circulate unvalidated
virus alerts.

—————————————————————————-

AOL4FREE

AOL4FREE actually consists of three separate, independent items:

1. The AOL4FREE Macintosh Program for gaining fraudulent accounts on AOL.
2. The AOL4FREE Virus Warning Hoax.
3. The AOL4FREE.COM Trojan horse program that deletes all the files on
your hard drive.

The AOL4FREE Macintosh Program was originally written to provide illegal
free access to America Online. In the March 1997 issue of the CSI Computer
Security Alert the following statement was made concerning the creator of
that program:

“A former Yale computer science student has pleaded guilty to
defrauding America Online. AOL estimates it lost between $40,000
and $70,000 in service charges because the student distributed his
computer program, AOL4FREE, to hundreds of other users.”

Note that any attempt to use the original AOL4FREE.COM program may subject
you to prosecution.

The second item is the AOL4FREE Virus Warning Hoax message. The following
message has been circulating around the Internet, warning of a virus
infected e-mail message:

************************************************************************************

VIRUS ALERT!!!
DON’T OPEN E-MAIL NOTING “AOL4FREE”

Anyone who receives this must send it to as many people as you can. It
is essential that this problem be reconciled as soon as possible. A few
hours ago, I opened an E-mail that had the subject heading of “AOL4FREE.COM”.
Within seconds of opening it, a window appeared and began to display my files
that were being deleted. I immediately shut down my computer, but it was too
late. This virus wiped me out. It ate the Anti-Virus Software that comes with
the Windows ’95 Program along with F-Prot AVS. Neither was able to detect it.
Please be careful and send this to as many people as possible, so maybe this
new virus can be eliminated.

************************************************************************************

This message has several problems that identify it as a hoax.

1. A virus like program can not spread in an e-mail message. While an
infected program could be attached to an e-mail message, the e-mail
message itself cannot contain one in any form that could be executed.
2. A virus or Trojan horse program can not infect a system by simply being
read. The current mail readers do not execute an e-mail message, they
display it on the screen for you to read. You must take care when
downloading an attachment to an e-mail message. In some mail readers
you can double click on the attachment icon to have it extracted and
opened by whatever program created it. If that attachment is a program,
it is downloaded and run, and running any program you have not scanned
could cause you to be infected with a virus.
3. While this warning message is a hoax, the things it describes could be
accomplished with a Trojan horse program. That Trojan horse could then
be attached to an e-mail message and if the reader downloads and
executes the Trojan horse program, it could do the damage described in
this message. In fact, someone has done that as is explained below.

The third item is the AOL4FREE.COM Trojan Horse. This program appears to be
the AOL4FREE program that creates fraudulent AOL accounts (though it is a
DOS program instead of a Macintosh program) but is actually a simple
compiled DOS batch file that runs the DOS DELTREE command on the C:\
directory of a DOS/Windows machine. The DELTREE command deletes all files in
a directory, including the directory itself and any subdirectories in that
directory. The effect is to delete all files on the C: drive of a
DOS/Windows machine. If you should come across this program from any source,
do not run it. For more information see CIAC Bulletin H-47a: AOL4FREE.COM
Trojan Horse Program Destroys Hard Drives.

CIAC ALWAYS recommends that software downloaded onto a computer from any
source (BBS, e-mail attachment, floppy, web) be scanned with antivirus
software prior to being run. Note that most antivirus software does not
detect Trojans, so it is important to know where your software came from
before executing it.

—————————————————————————-

History of Virus Hoaxes

Since 1988, computer virus hoaxes have been circulating the Internet. In
October of that year, according to Ferbrache (“A pathology of Computer
Viruses” Springer, London, 1992) one of the first virus hoaxes was the 2400
baud modem virus:

SUBJ: Really Nasty Virus
AREA: GENERAL (1)

I’ve just discovered probably the world’s worst computer virus
yet. I had just finished a late night session of BBS’ing and file
treading when I exited Telix 3 and attempted to run pkxarc to
unarc the software I had downloaded. Next thing I knew my hard
disk was seeking all over and it was apparently writing random
sectors. Thank god for strong coffee and a recent backup.
Everything was back to normal, so I called the BBS again and
downloaded a file. When I went to use ddir to list the directory,
my hard disk was getting trashed again. I tried Procomm Plus TD
and also PC Talk 3. Same results every time. Something was up so I
hooked up to my test equipment and different modems (I do research
and development for a local computer telecommunications company
and have an in-house lab at my disposal). After another hour of
corrupted hard drives I found what I think is the world’s worst
computer virus yet. The virus distributes itself on the modem sub-
carrier present in all 2400 baud and up modems. The sub-carrier is
used for ROM and register debugging purposes only, and otherwise
serves no othr (sp) purpose. The virus sets a bit pattern in one
of the internal modem registers, but it seemed to screw up the
other registers on my USR. A modem that has been “infected” with
this virus will then transmit the virus to other modems that use a
subcarrier (I suppose those who use 300 and 1200 baud modems
should be immune). The virus then attaches itself to all binary
incoming data and infects the host computer’s hard disk. The only
way to get rid of this virus is to completely reset all the modem
registers by hand, but I haven’t found a way to vaccinate a modem
against the virus, but there is the possibility of building a
subcarrier filter. I am calling on a 1200 baud modem to enter this
message, and have advised the sysops of the two other boards
(names withheld). I don’t know how this virus originated, but I’m
sure it is the work of someone in the computer telecommunications
field such as myself. Probably the best thing to do now is to
stick to 1200 baud until we figure this thing out.

Mike RoChenle

This bogus virus description spawned a humorous alert by Robert Morris III :

Date: 11-31-88 (24:60) Number: 32769
To: ALL Refer#: NONE
From: ROBERT MORRIS III Read: (N/A)
Subj: VIRUS ALERT Status: PUBLIC MESSAGE

Warning: There’s a new virus on the loose that’s worse than
anything I’ve seen before! It gets in through the power line,
riding on the powerline 60 Hz subcarrier. It works by changing the
serial port pinouts, and by reversing the direction one’s disks
spin. Over 300,000 systems have been hit by it here in Murphy,
West Dakota alone! And that’s just in the last 12 minutes.

It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
RSX-11, ITS, TRS-80, and VHS systems.

To prevent the spresd of the worm:

1) Don’t use the powerline.
2) Don’t use batteries either, since there are rumors that this
virus has invaded most major battery plants and is infecting the
positive poles of the batteries. (You might try hooking up just
the negative pole.)
3) Don’t upload or download files.
4) Don’t store files on floppy disks or hard disks.
5) Don’t read messages. Not even this one!
6) Don’t use serial ports, modems, or phone lines.
7) Don’t use keyboards, screens, or printers.
8) Don’t use switches, CPUs, memories, microprocessors, or
mainframes.
9) Don’t use electric lights, electric or gas heat or
airconditioning, running water, writing, fire, clothing or the
wheel.

I’m sure if we are all careful to follow these 9 easy steps, this
virus can be eradicated, and the precious electronic flui9ds of
our computers can be kept pure.

—RTM III

Since that time virus hoaxes have flooded the Internet.With thousands of
viruses worldwide, virus paranoia in the community has risen to an extremely
high level. It is this paranoia that fuels virus hoaxes. A good example of
this behavior is the “Good Times” virus hoax which started in 1994 and is
still circulating the Internet today. Instead of spreading from one computer
to another by itself, Good Times relies on people to pass it along.

—————————————————————————-

How to Identify a Hoax

There are several methods to identify virus hoaxes, but first consider what
makes a successful hoax on the Internet. There are two known factors that
make a successful virus hoax, they are: (1) technical sounding language, and
(2) credibility by association. If the warning uses the proper technical
jargon, most individuals, including technologically savy individuals, tend
to believe the warning is real. For example, the Good Times hoax says that
“…if the program is not stopped, the computer’s processor will be placed
in an nth-complexity infinite binary loop which can severely damage the
processor…”. The first time you read this, it sounds like it might be
something real. With a little research, you find that there is no such thing
as an nth-complexity infinite binary loop and that processors are designed
to run loops for weeks at a time without damage.

When we say credibility by association we are referring to whom sent the
warning. If the janitor at a large technological organization sends a
warning to someone outside of that organization, people on the outside tend
to believe the warning because the company should know about those things.
Even though the person sending the warning may not have a clue what he is
talking about, the prestige of the company backs the warning, making it
appear real. If a manager at the company sends the warning, the message is
doubly backed by the company’s and the manager’s reputations.

Individuals should also be especially alert if the warning urges you to pass
it on to your friends. This should raise a red flag that the warning may be
a hoax. Another flag to watch for is when the warning indicates that it is a
Federal Communication Commission (FCC) warning. According to the FCC, they
have not and never will disseminate warnings on viruses. It is not part of
their job.

CIAC recommends that you DO NOT circulate virus warnings without first
checking with an authoritative source. Authoritative sources are your
computer system security administrator or a computer incident advisory team.
Real warnings about viruses and other network problems are issued by
different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are
digitally signed by the sending team using PGP. If you download a warning
from a teams web site or validate the PGP signature, you can usually be
assured that the warning is real. Warnings without the name of the person
sending the original notice, or warnings with names, addresses and phone
numbers that do not actually exist are probably hoaxes.

Another area of concern is Internet chain letters that may or may not be
true. For more information on Internet chain letters reference
http://ciac.llnl.gov/ciac/CIACChainLetters.html.

—————————————————————————-

What to Do When You Receive a Warning

Upon receiving a warning, you should examine its PGP signature to see that
it is from a real response team or antivirus organization. To do so, you
will need a copy of the PGP software and the public signature of the team
that sent the message. The CIAC signature is available at the CIAC home
page: http://ciac.llnl.gov/ You can find the addresses of other response
teams by connecting to the FIRST web page at: http://www.first.org. If there
is no PGP signature, see if the warning includes the name of the person
submitting the original warning. Contact that person to see if he/she really
wrote the warning and if he/she really touched the virus. If he/she is
passing on a rumor or if the address of the person does not exist or if
there is any questions about the authenticity or the warning, do not
circulate it to others. Instead, send the warning to your computer security
manager or incident response team and let them validate it. When in doubt,
do not send it out to the world. Your computer security managers and the
incident response teams teams have experts who try to stay current on
viruses and their warnings.

In addition, most anti-virus companies have a web page containing
information about most known viruses and hoaxes. You can also call or check
the web site of the company that produces the product that is supposed to
contain the virus. Checking the PKWARE site for the current releases of
PKZip would stop the circulation of the warning about PKZ300 since there is
no released version 3 of PKZip. Another useful web site is the “Computer
Virus Myths home page” (http://www.kumite.com/myths/) which contains
descriptions of several known hoaxes. In most cases, common sense would
eliminate Internet hoaxes.

—————————————————————————-
UCRL-MI-119788
[CIAC Home Page] [Disclaimer]
Last modified: Tuesday, 05-Aug-97 12:12:00 PDT
CIAC Web Server / CIAC / webmaster@ciac.llnl.gov

Possibly Related Posts: