This document contains the original hoax warnings that describe the terrible things that some malicious code will do to you. All of these are fake.
The PKZ300 Trojan is a real Trojan program, but the initial warning about it was released over a year ago. For information pertaining to PKZ300 Trojan reference CIAC Notes issue 95-10, at http://ciac.llnl.gov/ciac/notes/Notes10.shtml that was released in June of 1995. The warning itself, on the other hand, is gaining urban legend status. There has been an extremely limited number of sightings of this Trojan and those appeared over a year ago. Even though the Trojan warning is real, the repeated circulation of the warning is a nuisance. Individuals who need the current release of PKZIP should visit the PKWare web page at http://www.pkware.com. CIAC recommends that you DO NOT recirculate the warning about this particular Trojan.
The following is the true warning about PKZ300 from the PKWare web site:
!!! PKZIP Trojan Horse Version - (Originally Posted May 1995) !!! It has come to the attention of PKWARE that a fake version of PKZIP is being distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an offical version from PKWARE and it will attempt to erase your hard drive if run. It attempts to perform a deletion of all the directories of your current drive. If you have any information as to the creators of this trojan horse, PKWARE would be extremely interested to hear from you. If you have any other questions about this fake version, please e-mail support@pkware.com
The "Irina" virus warnings are a hoax. The former head of an electronic publishing company circulated the warning to create publicity for a new interactive book by the same name. The publishing company has apologized for the publicity stunt that backfired and panicked Internet users worldwide. The original warning claimed to be from a Professor Edward Pridedaux of the College of Slavic Studies in London; there is no such person or college. However, London's School of Slavonic and East European Studies has been inundated with calls. This poorly thought-out publicity stunt was highly irresponsible. For more information pertaining to this hoax, reference the UK Daily Telegraph at http://www.telegraph.co.uk. The original hoax message is as follows:
FYI There is a computer virus that is being sent across the Internet. If you receive an e-mail message with the subject line "Irina", DONOT read the message. DELETE it immediately. Some miscreant is sending people files under the title "Irina". If you receive this mail or file, do not download it. It has a virus that rewrites your hard drive, obliterating anything on it. Please be careful and forward this mail to anyone you care about. ( Information received from the Professor Edward Prideaux, College of Slavonic Studies, London ).
The "Good Times" virus warnings are a hoax. There is no virus by that name in existence today. These warnings have been circulating the Internet for years. The user community must become aware that it is unlikely that a virus can be constructed to behave in the manner ascribed in the "Good Times" virus warning.
CIAC first described the Good Times Hoax in CIAC NOTES 94-04c released in December 1994 and described it again in CIAC NOTES 95-09 in April 1995. More information is in the Good_Times FAQ (http://www.public.usit.net/lesjones/goodtimes.html) written by Les Jones.
The original "Good Times" message that was posted and circulated in November and December of 1994 contained the following warning:
Here is some important information. Beware of a file called Goodtimes. Happy Chanukah everyone, and be careful out there. There is a virus on America Online being sent by E-Mail. If you get anything called "Good Times", DON'T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot.
Soon after the release of CIAC NOTES 04, another "Good Times" message was circulated. This is the same message that is being circulated during this recent "Good Times" rebirth. This message includes a claim that the Federal Communications Commission (FCC) released a warning about the danger of the "Good Times" virus, but the FCC did not and will not ever issue a virus warning. It is not their job to do so. See the FCC Public Notice 5036. The following is the expanded "Good Times" hoax message:
The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the InterNet. Apparently, a new computer virus has been engineered by a user of America Online that is unparalleled in its destructive capability. Other, more well-known viruses such as Stoned, Airwolf, and Michaelangelo pale in comparison to the prospects of this newest creation by a warped mentality. What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the InterNet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop - which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late.
The following spoof of the good times hoax is too well done not to include here. We believe this was written by Patrick J Rothfuss; if this is incorrect, we apologize to the true author.
December 1996
READ THIS:
Goodtimes will re-write your hard drive. Not only that, but
it will scramble any disks that are even close to your computer. It
will recalibrate your refrigerator's coolness setting so all your ice
cream goes melty. It will demagnetize the strips on all your credit
cards, screw up the tracking on your television and use subspace field
harmonics to scratch any CD's you try to play.
It will give your ex-girlfriend your new phone number. It
will mix Kool-aid into your fishtank. It will drink all your beer and
leave its socks out on the coffee table when there's company coming
over. It will put a dead kitten in the back pocket of your good suit
pants and hide your car keys when you are late for work.
Goodtimes will make you fall in love with a penguin. It will
give you nightmares about circus midgets. It will pour sugar in your
gas tank and shave off both your eyebrows while dating your
girlfriend behind your back and billing the dinner and hotel room to
your Discover card.
It will seduce your grandmother. It does not matter if she
is dead, such is the power of Goodtimes, it reaches out beyond the
grave to sully those things we hold most dear.
It moves your car randomly around parking lots so you can't
find it. It will kick your dog. It will leave libidinous messages on
your boss's voice mail in your voice! It is insidious and subtle. It
is dangerous and terrifying to behold. It is also a rather
interesting shade of mauve.
Goodtimes will give you Dutch Elm disease. It will leave the
toilet seat up. It will make a batch of Methanphedime in your bathtub
and then leave bacon cooking on the stove while it goes out to chase
gradeschoolers with your new snowblower.
Listen to me. Goodtimes does not exist.
It cannot do anything to you. But I can. I am sending this
message to everyone in the world. Tell your friends, tell your
family. If anyone else sends me another E-mail about this fake
Goodtimes Virus, I will turn hating them into a religion. I will do
things to them that would make a horsehead in your bed look like
Easter Sunday brunch.
So there, take that Good Times.
January 2004
And here is another variant of the Good_Times Spoof. This one started going around 10 years after the Good_Times hoax.
If you receive an email entitled "Bedtimes" delete it IMMEDIATELY. Do not open it. Apparently this one is pretty nasty. It will not only erase everything on your hard drive, but it will also delete anything on disks within 20 feet of your computer. It demagnetizes the strips on ALL of your credit cards. It reprograms your ATM access code, screws up the tracking on your VCR, and uses subspace field harmonics to scratch any CD's you attempt to play. It will program your phone auto dial to call only 0898 numbers. This virus will mix antifreeze into your fish tank. IT WILL CAUSE YOUR TOILET TO FLUSH WHILE YOU ARE SHOWERING. It will drink ALL your beer. FOR GOD'S SAKE, ARE YOU LISTENING?? It will leave dirty underwear on the coffee table when you are expecting company. It will replace your shampoo with Nair and your Nair with Rogaine. If the "Bedtimes" message opened in a Windows 95/98 environment, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub. It will not only remove the forbidden tags from your mattresses and pillows, it will also refill your skim milk with whole milk. ******* WARN AS MANY PEOPLE AS YOU CAN. ******* And if you don't send this to 5000 people in 20 seconds, you'll fart so hard that your right leg will spasm and shoot straight out in front of you, sending sparks that will ignite the person nearest you. Send this warning to everyone. If you are a blonde, this is a joke!!!
The following "Deeyenda" virus warning is a hoax. CIAC has received inqueries regarding the validity of the Deeyenda virus. The warnings are very similar to those for Good Times, stating that the FCC issued a warning about it, and that it is self activating and can destroy the contents of a machine just by being downloaded. Users should note that the FCC does not and will not issue virus or Trojan warnings. It is not their job to do so. As of this date, there are no known viruses with the name Deeyenda in existence. For a virus to spread, it must be executed. Reading a text mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. The newer html formatted mail readers are a potential problem in that anything that can be run on a web page can now be sent as the content of an e-mail message. Potentially damaging content includes axtive-x controls, JavaScript and VBScript applets, and Java applications. As with viewing web pages, you must be careful what you allow to run when you view html formatted e-mail messages. Be sure to set your web security to not let unsafe applications to run without at least asking you first.
**********VIRUS ALERT**********
VERY IMPORTANT INFORMATION, PLEASE READ!
There is a computer virus that is being sent across the Internet. If
you receive an email message with the subject line "Deeyenda", DO NOT
read the message, DELETE it immediately!
Some miscreant is sending email under the title "Deeyenda" nationwide,
if you get anything like this DON'T DOWNLOAD THE FILE! It has a virus
that rewrites your hard drive, obliterates anything on it. Please be
careful and forward this e-mail to anyone you care about.
Please read the message below.
Alex
-----------
FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET
The Internet community has again been plagued by another computer
virus. This message is being spread throughout the Internet, including
USENET posting, EMAIL, and other Internet activities. The reason for
all the attention is because of the nature of this virus and the
potential security risk it makes. Instead of a destructive Trojan
virus (like most viruses!), this virus referred to as Deeyenda Maddick,
performs a comprehensive search on your computer, looking for valuable
information, such as email and login passwords, credit cards, personal
inf., etc.
The Deeyenda virus also has the capability to stay memory resident
while running a host of applications and operation systems, such as
Windows 3.11 and Windows 95. What this means to Internet users is that
when a login and password are send to the server, this virus can copy
this information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies).
The reason for this warning is because the Deeyenda virus is virtually
undetectable. Once attacked your computer will be unsecure. Although
it can attack any O/S this virus is most likely to attack those users
viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet
Explorer 3.0+ which are running under Windows 95). Researchers at
Princeton University have found this virus on a number of World Wide
Web pagesand fear its spread.
Please pass this on, for we must alert the general public at the
security risks.
The Ghost.exe program was originally distributed as a free screen saver containing some advertising information for the author's company (Access Softek). The program opens a window that shows a Halloween background with ghosts flying around the screen. On any Friday the 13th, the program window title changes and the ghosts fly off the window and around the screen. Someone apparently got worried and sent a message indicating that this might be a Trojan. The warning grew until the it said that Ghost.exe was a Trojan that would destroy your hard drive and the developers got a lot of nasty phone calls (their names and phone numbers were in the About box of the program.) A simple phone call to the number listed in the program would have stopped this warning from being sent out. The original ghost.exe program is just cute; it does not do anything damaging. Note that this does not mean that ghost could not be infected with a virus that does do damage, so the normal virus procedure of scanning it before running it should be followed.
The PENPAL GREETINGS! Hoax shown below appears to be an attempt to kill an e-mail chain letter by claiming that it is a self starting Trojan that destroys your hard drive and then sends copies of itself to everyone whose address in in your mailbox. Aside from the fact that a program cannot start itself, the Trojan would also have to know about every different kind of e-mail program to be able to forward copies of itself to other people. This warning is totally a hoax.
FYI! Subject: Virus Alert Importance: High If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it. Below is a little explanation of the message, and what it would do to your PC if you were to read the message. If you have any questions or concerns please contact SAF-IA Info Office on 697-5059. This is a warning for all internet users - there is a dangerous virus propogating across the internet through an e-mail message entitled "PENPAL GREETINGS!". DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!" This message appears to be a friendly letter asking you if you are interestedin a penpal, but by the time you read this letter, it is too late. The "trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus, and once the message is read, it will AUTOMATICALLY forward itself to anyone who's e-mail address is present in YOUR mailbox! This virus will DESTROY your hard drive, and holds the potential to DESTROY the hard drive of anyone whose mail is in your inbox, and who's mail is in their inbox, and so on. If this virus remains unchecked, it has the potential to do a great deal of DAMAGE to computer networks worldwide!!!! Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it! And pass this message along to all of your friends and relatives, and the other readers of the newsgroups and mailing lists which you are on, so that they are not hurt by this dangerous virus!!!!
The Make Money Fast Warning is similar to the Good Times and PENPAL GREETINGS! hoaxes, but appears to be a warning message that is attempting to kill the Make Money Fast e-mail chain letter. While laudable in its intent, the warning has caused as much or more problems than the chain letter it is attempting to kill.
******VIRUS ALERT****** ******VIRUS ALERT****** ******VIRUS ALERT****** There is NEW VIRUS rapidly affecting computers on the internet. This new virus is insidious, in that it transmitted as a USENET message. Usenet is the "news group" area on the internet that users can openly discuss and exchange information on a wide variety of topics. What makes this virus DOUBLY DANGEROUS, is that it is disguised as a common chain letter. Chain letters have been passed across usenet almost since it's beginning. Lately, a common chain letter subject is MAKE MONEY FAST. The Make Money Fast (MMF) chain is read by thousands of people daily. It is also known as: "Easy Cash", "Make Cash Fast", "Turn 5$ into $50,000" and many others. They are all basically the same scheme, in which the reader send $1 to each of the 5 people at the bottom of the list, then moves his name onto the list. The MMF Virus, as it has been doubed, rides along on these chain letters as a "hidden binary attachment". Since most news reader programs (computer programs used to read USENET messages) will automatically decode and store binary attachments, there is NO SAFE WAY to protect yourself from infection. The virus attackes your system the next time you run your news reader. Though the virus is transmitted during a normal usenet session, your NEXT usenet session will probably be your last for a while. As a hidden attachment, it is automatically activated with your news reader, and very quickly destroys your partition table. Generally, this is not even noticed until the next time you try to run ANY program. The next thing the virus does is to place your micro processor into an nth-complexity infinate binary loop, quickly destroying it. This will appear at first as a normal "lock-up" but will quickley wipe out the delicate circuitry in your system. The people that run usenet, at: news.admin.net-abusers are working night and day on a cure. Perhaps some day an automatic process will be able to detect the MMF Virus in usenet messages and cancel them, but that is some time off. At this point, your ONLY hope is to NOT DOWNLOAD ANY MESSAGES that have a subject similar to above. Please, FORWARD this message to ANYONE you know that reads usenet news. Thank you, News.Admin.Net-Abusers
The warning appears to be attempting to kill the following e-mail message that came with the Subject: Make Money Fast, that describes how to start an illegal pyramid scheme on the Internet.
Hello! I've got some awesome news that I think you need to take two
minutes to read if you have ever thought "How could I make some
serious cash in a hurry???" , or been in serious debt, ready to do
almost anything to get the money needed to pay off those bill
collectors. So grab a snack, a warm cup of coffee, or a glass of your
favorite beverage, get comfortable and listen to this interesting,
exciting find!
Let me start by saying that I FINALLY FOUND IT! That's right!.
found it! And I HATE GET RICH QUICK SCHEMES!! I hate those schemes
like multi-level marketing, mail-order schemes, envelope stuffing
scams, 900 number scams... the list goes on forever. I have tried
every darn get rich quick scheme out there over the past 12 years. I
somehow got on mailing lists for people looking to make money (more
like 'desperate stupid people who will try anything for money!').
.
.
.
.
.
[For the completion of the Make Money Fast chain letter, reference the
Make Money Fast Page.]
Quite a few Web site administrators have received email messages that seem to be originating from the same machine hosting the Web site. The email headers are apparently being forged to hide the original sender of the message. The mail being received contains the following:
Subject: security breached by NaughtyRobot This message was sent to you by NaughtyRobot, an Internet spider that crawls into your server through a tiny hole in the World Wide Web. NaughtyRobot exploits a security bug in HTTP and has visited your host system to collect personal, private, and sensitive information. It has captured your Email and physical addresses, as well as your phone and credit card numbers. To protect yourself against the misuse of this information, do the following: 1. alert your server SysOp, 2. contact your local police, 3. disconnect your telephone, and 4. report your credit cards as lost. Act at once. Remember: only YOU can prevent DATA fires. This has been a public service announcement from the makers of NaughtyRobot -- CarJacking its way onto the Information SuperHighway.
The NaughtyRobot email message appears to be a hoax. There is no indication that any of the problems described in the body have taken place on any machine.
Circulating the Internet is an email message entitled "Join the Crew". For a virus to spread, it must be executed. Reading a mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm.
IMPORTANT - VIRUS Alert!!! Take note ! Someone got an email, titled as JOIN THE CREW. It has erased his hard drive. Do not open up any mail that has this title. It will erase your whole hard drive. This is a new email virus and not a lot of people know about it, just let everyone know, so they won't be a victim. Please e-mail this to everyone you know!!! Remember the title : JOIN THE CREW
Variants of this email message are circulating the Internet. If you receive an email message entitled "Join the Crew" and it has an attachment, CIAC recommends that you delete the message and the attachment. If you receive just the message, delete the message. Please DO NOT circulate unvalidated virus alerts.
The Death Ray Virus is a hoax. The following "Death Ray Virus" warning was reported in the Weekly World News and other publications. CIAC knows of no virus or any computer program for that matter that has caused physical damage to a computer or cause it to explode. The only systems we know about where software could cause hardware damage are some of the original IBM PCs where the video card could be switched to handle the wrong monitor type which damaged the input circuits of the monitor. No explosion was invloved, only non-working electronics.
A deadly new computer virus that actually causes home computers to explode in a hellish blast of glass fragments and flame has injured at least 47 people since August 15, horrifying authorities who say millions of people are risking injury, blindness or death every time they sit down to work at their PC! "Computer viruses of the past could disable your computer, but this virus goes a step further -- and can kill you," declared Martin Heriden, a computer expert who specializes in identifying computer viruses. "This virus doesn't carry the usual 'markers' that enable it to be detected. It slips through the cracks, so to speak. "It is an extremely complicated process. But suffice it to say that the virus affects the computer's hardware, creating conditions that lead to dangerous short circuits and power surges. The end result? Explosions -- powerful explosions. And millions of Internet users are at risk." The virus, nicknamed Death Ray by experts like Heriden, surfaced in England on August 1. A 24-year-old college student was permanently blinded when his 15-inch color monitor exploded in his face. "So how do you protect yourself? I wish I knew," said Heriden. "You either stop using the Internet or you take your chances until we can get a handle on this thing and get rid of it for good.
Circulating the Internet is an email message warning about an A.I.D.S. virus that destroys your computer. This warning is a hoax.
There are actually several real AIDS viruses and Trojan horses, but this warning message does not describe any of them.
This particular warning message (shown below) indicates that the virus comes in an e-mail message. While a virus may be in an attachment to an e-mail message, reading that message with a standard, text based, mail reader cannot execute a virus. A virus in an attachment cannot do anything until that attachment is executed, or in the case of a Word macro virus, the attached Word document is opened in Word. For this reason, CIAC recommends that you scan all executable programs and Word documents that were sent as attachments to e-mail messages before running or editing them.
The warning claims the virus destroys your actual hardware, such as memory, mouse, key board, and hard drive, all of which is impossible. Also notice that the author has not signed the message or given you any way to authenticate it, which is another strong indication of a hoax.
THEREE IS A VIRUS GOING AROUND CALLED THE A.I.D.S VIRUS. IT WILL ATTACH ITSELF INSIDE YOUR COMPUTER AND EAT AWAY AT YOUR MEMORY THIS MEMORY IS IRREPLACEABLE. THEN WHEN IT'S FINISHED WITH MEMORY IT INFECTS YOUR MOUSE OR POINTING DEVICE. THEN IT GOES TO YOUR KEY BOARD AND THE LETTERS YOU TYPE WILLNOT REGISTER ON SCREEN. BEFORE IT SELF TERMINATES IT EATS 5MB OF HARD DRIVE SPACE AND WILL DELETE ALL PROGRAMS ON IT AND IT CAN SHUT DOWN ANY 8 BIT TO 16 BIT SOUND CARDS RENDERING YOUR SPEAKERS USELESS. IT WILL COME IN E-MAIL CALLED "OPEN:VERY COOL! :) DELETE IT RIGHT AWAY. THIS VIRUS WILL BASICLY RENDER YOUR COMPUTER USELESS. YOU MUST PASS THIS ON QUICKLY AND TO AS MANY PEOPLE AS POSSLE!!!!! YOU MUST!
January 1997
The Bud Frogs screensaver is a legitimate program and the warning about it is a hoax. Keep in mind that this or any executable program could be infected with a virus so take care if you get a copy from a third party. Any legitimate program could also be replaced with a Trojan program by simply changing the Trojan's name to that of the legitimate program. As with any program, you should never run one obtained from unknown sources because you run the risk of running a virus or Trojan Horse. Try to get your programs from the original site and scan them with antivirus software just to be sure they are not infected.
DANGER!!! VIRUS ALERT!!! THIS IS A NEW TWIST. SOME CREEPOID SCAM-ARTIST IS SENDING OUT A VERY DESIRABLE SCREEN-SAVER (THE BUD FROGS). BUT IF YOU DOWN-LOAD IT, YOU'LL LOSE EVERYTHING!!!!! YOUR HARD DRIVE WILL CRASH!! DON'T DOWNLOAD THIS UNDER ANY CIRCUMSTANCES!!! IT JUST WENT INTO CIRCULATION YESTERDAY, AS FAR AS WE KNOW....BE CAREFUL. PLEASE DISTRIBUTE TO AS MANY PEOPLE AS POSSIBLE...THANX BELOW IS WHAT THE SCREENSAVER PROGGIE WOULD LOOK LIKE! File: BUDSAVER.EXE (24643 bytes) DL Time (28800 bps): <1 minute
May 1999
Another screen saver that is supposed to be a Trojan program. There is no such Trojan or virus; this is a hoax. There are Trojan programs out there but this is not one of them. To insure you have a good copy of any downloaded program, be sure to get it from the original site and not from a third party where it might have been infected with a virus.
Subject: FW: Another Virus !!!!!! Someone is sending out a very desirable screen-saver, a Bug's Life - "BUGGLST.ZIP". If you download it, you will lose everything!!! Your hard drive will crash and someone from the Internet will get your screen name and password! DO NOT DOWNLOAD THIS UNDER ANY CIRCUMSTANCES!!! IT JUST WENT INTO circulation yesterday, as far as we know. Please distribute/inform this message. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from Microsoft. Please share it with everyone that might access the Internet. Once again, pass this along to EVERYONE in your address book so that this may be stopped
AOL has declared the AOL V4.0 Cookie chain letter a hoax. CIAC received the following statement from AOL: "I wish to bring to your attention the attached hoax letter that has been circulating on the Internet, making serious allegations about AOL 4.0. All of these allegations are false." Tatiana Gau, Vice President of AOL Integrity Assurance.
From a former AOL employee: I'll try and cut through the crap, and try to get to the point of this letter. I used to work for America Online, and would like to remain anonymous for that reason. I was laid off in early September, but I know exactly why I was laid off, which I will now explain: Since last December, I had been one of the many people assigned to design AOL 4.0 for Windows (AOL 4.0 beta, codenamed Casablanca). In the beginning, I was very proud of this task, until I found out the true cost of it. Things were going fine until about mid-February, when me and 2 of my colleagues started to suspect a problem, an unexplainable 'Privacy Invasion', with the new version. One of them, who is a master programmer, copied the finished portion of the new version (Then 'Build 52'), and took it home, and we spent nearly 2 weeks of sleepless nights examining and debugging the program, flipping it inside-out, and here is what we found. Unlike all previous versions of America Online, version 4.0 puts something in your hard drive called a 'cookie'. (AOL members click here for a definition). However, the cookie we found on Version 4.0 was far more treacherous than the simple Internet cookie. How would you like somebody looking at your entire hard drive, snooping through any (yes, any) piece of information on your hard drive. It could also read your password and log in information and store it deep in the program code. Well, all previous versions, whether you like it or not, have done this to a certain extent, but only with files you downloaded. As me and my colleagues discovered, with the new version, anytime you are signed on to AOL, any top AOL executive, any AOL worker, who has been sworn to secrecy regarding this feature, can go in to your hard drive and retrieve any piece of information that they so desire. Billing, download records, e-mail, directories, personal documents, programs, financial information, scanned images, etc. Better start keeping all those pictures on a floppy disk! This is a totally disgusting violation of our rights, and your right to know as well. Since this is undoubtedly 'Top Secret' information that I am revealing, my life at AOL is pretty much over. After discovering this inform attain, we started to inform a few other workers at America Online, so that we could get a large enough crew to stop this from happening to the millions of unfortunate and unsuspecting America Online members. This was in early August. One month later, all three of us were unemployed. We got together, and figured there was something we had to do to let the public know. Unemployed, with one of us going through a divorce (me) and another who is about to undergo treatment for Cancer, our combined financial situation is not currently enough to release any sort or article. We attempted to create a web page on three different servers containing in-depth information on AOL 4.0, but all three were taken down within 2 days. We were running very low on time (4.0 is released early this winter), so we figured our last hope to reveal this madness before it effects the people was starting something similar to a chain letter, this letter you are reading. Please do the following, to help us expose AOL for who they really are, and to help us and yourself receive personal gratification for taking a stand for our freedom: 1. Forward this letter to as many people as you can (not just friends and family, as many as you can)! 2. Tell people who aren't on America Online in person, especially important people (Private Investigators, Government workers, City Council) 3. If the information about the new version isn't exposed by the time AOL is released early this winter, for your own protection, DON'T DOWNLOAD AOL 4.0 UNDER ANY CONDITION !!! Thank you for reading and examining this information. Me and my colleagues hope that you will help us do the right thing in this situation. Enjoy America Online (just kidding!). Regards, A former AOL employee
AOL4FREE actually consists of three separate, independent items:
The AOL4FREE Macintosh Program was originally written to provide illegal free access to America Online. In the March 1997 issue of the CSI Computer Security Alert the following statement was made concerning the creator of that program:
"A former Yale computer science student has pleaded guilty to defrauding America Online. AOL estimates it lost between $40,000 and $70,000 in service charges because the student distributed his computer program, AOL4FREE, to hundreds of other users."
Note that any attempt to use the original AOL4FREE program may subject you to prosecution.
The second item is the AOL4FREE Virus Warning Hoax message. The following message has been circulating around the Internet, warning of a virus infected e-mail message:
VIRUS ALERT!!!
DON'T OPEN E-MAIL NOTING "AOL4FREE"
Anyone who receives this must send it to as many people as you can. It
is essential that this problem be reconciled as soon as possible. A few
hours ago, I opened an E-mail that had the subject heading of "AOL4FREE.COM".
Within seconds of opening it, a window appeared and began to display my files
that were being deleted. I immediately shut down my computer, but it was too
late. This virus wiped me out. It ate the Anti-Virus Software that comes with
the Windows '95 Program along with F-Prot AVS. Neither was able to detect it.
Please be careful and send this to as many people as possible, so maybe this
new virus can be eliminated.
This message has several problems that identify it as a hoax.
The third item is the AOL4FREE.COM Trojan Horse. This program appears to be the AOL4FREE program that creates fraudulent AOL accounts (though it is a DOS program instead of a Macintosh program) but is actually a simple compiled DOS batch file that runs the DOS DELTREE command on the C:\ directory of a DOS/Windows machine. The DELTREE command deletes all files in a directory, including the directory itself and any subdirectories in that directory. The effect is to delete all files on the C: drive of a DOS/Windows machine. If you should come across this program from any source, do not run it. For more information see CIAC Bulletin H-47a: AOL4FREE.COM Trojan Horse Program Destroys Hard Drives.
CIAC ALWAYS recommends that software downloaded onto a computer from any source (BBS, e-mail attachment, floppy, web) be scanned with antivirus software prior to being run. Note that most antivirus software does not detect Trojans, so it is important to know where your software came from before executing it.
March 1999
Recently Blue Mountain Cards was the target of false warnings that opening a greeting card on their website would cause systems to crash. Below is a statement from the Executive Director of Blue Mountain Cards.
Jared Schutz, Executive Director Blue Mountain Arts "It is very frustrating and difficult for us to dispel these rumors, but please help us in doing so by passing this email along to your friends and spreading the word that there is no way that bluemountain.com can spread a virus. Our electronic greeting cards are simply web pages that you view with your browser. Our email notifications are only text messages without any attached files. When someone sends or receives cards from our site, they do not actually download to their computer any file that might contain a virus. We are worried that these rumors are hurting our free card efforts, and hope that you can help us set the record straight." http://www.bluemountain.com
April 2003
Some miscreant has decided to make this hoax true by creating a virus that appears to be an e-card from Blue Mountain Cards. If you get an e-mail message that says you have an e-card from someone and the card is a link back to the Bluemountain.com website, it is probably a real e-card. For example, the following is an e-card I sent to myself. The link back to Bluemountain is in blue.
Subject: Hi, I sent you an eCard from BlueMountain.com To: hoaxmaster@ciac.org To view your eCard, choose from the options below. Click on the following link. http://www.bluemountain.com/view.pd?i=64039350&m=8658&rr=y&source=bma999 OR Copy and paste the above link into your web browser's "address" window. OR Enter the following eCard Number, 640393508658, on our Card Pick Up Window at http://www.bluemountain.com/findit.pd If you have any comments or questions, please visit http://www.bluemountain.com/customer/index.pd?source=bma999 Thanks for using BlueMountain.com.
On the other hand, if the message contains an executable file attachment such as BlueMountainCard.pif shown below in red, don't click on the attachment as it is probably the w32.HLLW.Cult@mm virus.
Subject: Hi, I sent you an eCard from BlueMountain.com To view your eCard, open the attachment If you have any comments or questions, please visit http://www.bluemountain.com/customer/index.pd Thanks for using BlueMountain.com. BlueMountaineCard.pif
April 1999
The original email titled "It Takes Guts to Say 'Jesus'" is a poor rewrite of several old hoaxes. Now that hoax has been rewritten as an aftermath of the 'Melissa' virus outbreak.
Here is the newest version circulating the internet.
If you receive an email titled "It Takes Guts to Say 'Jesus' DO NOT OPEN IT. It will erase everything on your hard drive. This information was announced yesterday morning from IBM; AOL states that this is a very dangerous virus, much worse than "Melissa", and that there is NO remedy for it at this time. Some very sick individual has succeeded in using the re-format function from Norton Utilities causing it to completely erase all documents on the hard drive.It has been designed to work with Netscape Navigator and Microsoft Internet Explorer.It destroys MacIntosh and IBM compatible computers. This is a new, very malicious virus and not many people know about it. Pass this warning along to EVERYONE in your address book and please share it with all your online friends ASAP so that this threat may be stopped. Please practice cautionary measures and tell anyone that may have access to your computer. Forward this warning to everyone that might access the internet
December 1999
Nstorm (http://www.nstorm.com ) has become the victim of a hoax chain letter stating that two of their games being distributed over the internet are infected with a virus. The chain letter does not state what the malicious code is. Listed below is a statement from Nick Schoeneberger of Nvision Design, Inc., the developer of the game. CIAC recommends that you check with vendors or other reliable sources before forwarding warnings that may be bogus.
Keep in mind that while the games available from Nstorm's web page are virus free, copies that are being e-mailed around the network could be infected with a virus or could be a Trojan program with the same name as the original game. To be safe, you should never run executables that are sent to you by an unknown/untrusted source but get an original copy directly from the manufacturer's website or from a trusted downloading site.
October 1988
Since 1988, computer virus hoaxes have been circulating the Internet. In October of that year, according to Ferbrache ("A pathology of Computer Viruses" Springer, London, 1992) one of the first virus hoaxes was the 2400 baud modem virus:
SUBJ: Really Nasty Virus AREA: GENERAL (1) I've just discovered probably the world's worst computer virus yet. I had just finished a late night session of BBS'ing and file treading when I exited Telix 3 and attempted to run pkxarc to unarc the software I had downloaded. Next thing I knew my hard disk was seeking all over and it was apparently writing random sectors. Thank god for strong coffee and a recent backup. Everything was back to normal, so I called the BBS again and downloaded a file. When I went to use ddir to list the directory, my hard disk was getting trashed again. I tried Procomm Plus TD and also PC Talk 3. Same results every time. Something was up so I hooked up to my test equipment and different modems (I do research and development for a local computer telecommunications company and have an in-house lab at my disposal). After another hour of corrupted hard drives I found what I think is the world's worst computer virus yet. The virus distributes itself on the modem sub- carrier present in all 2400 baud and up modems. The sub-carrier is used for ROM and register debugging purposes only, and otherwise serves no othr (sp) purpose. The virus sets a bit pattern in one of the internal modem registers, but it seemed to screw up the other registers on my USR. A modem that has been "infected" with this virus will then transmit the virus to other modems that use a subcarrier (I suppose those who use 300 and 1200 baud modems should be immune). The virus then attaches itself to all binary incoming data and infects the host computer's hard disk. The only way to get rid of this virus is to completely reset all the modem registers by hand, but I haven't found a way to vaccinate a modem against the virus, but there is the possibility of building a subcarrier filter. I am calling on a 1200 baud modem to enter this message, and have advised the sysops of the two other boards (names withheld). I don't know how this virus originated, but I'm sure it is the work of someone in the computer telecommunications field such as myself. Probably the best thing to do now is to stick to 1200 baud until we figure this thing out. Mike RoChenle
November 1988
The 2400 Baud Modem Virus spawned a humorous alert by Robert Morris III :
Date: 11-31-88 (24:60) Number: 32769
To: ALL Refer#: NONE
From: ROBERT MORRIS III Read: (N/A)
Subj: VIRUS ALERT Status: PUBLIC MESSAGE
Warning: There's a new virus on the loose that's worse than
anything I've seen before! It gets in through the power line,
riding on the powerline 60 Hz subcarrier. It works by changing the
serial port pinouts, and by reversing the direction one's disks
spin. Over 300,000 systems have been hit by it here in Murphy,
West Dakota alone! And that's just in the last 12 minutes.
It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
RSX-11, ITS, TRS-80, and VHS systems.
To prevent the spresd of the worm:
1) Don't use the powerline.
2) Don't use batteries either, since there are rumors that this
virus has invaded most major battery plants and is infecting the
positive poles of the batteries. (You might try hooking up just
the negative pole.)
3) Don't upload or download files.
4) Don't store files on floppy disks or hard disks.
5) Don't read messages. Not even this one!
6) Don't use serial ports, modems, or phone lines.
7) Don't use keyboards, screens, or printers.
8) Don't use switches, CPUs, memories, microprocessors, or
mainframes.
9) Don't use electric lights, electric or gas heat or
airconditioning, running water, writing, fire, clothing or the
wheel.
I'm sure if we are all careful to follow these 9 easy steps, this
virus can be eradicated, and the precious electronic flui9ds of
our computers can be kept pure.
---RTM III
Circulating on the Internet is an e-mail message addressing an America Online 4.0 Upgrade. You should never receive an AOL upgrade via e-mail because according to America Online: "AOL does not circulate ANYTHING to customers by way of e-mail with attached files. All AOL software is distributed through keyworded download areas on the service." The following is the e-mail message being circulated:
Attention Friends Another scam on the lurch on the AOL net.... BEWARE !!!!!! If you receive an e-mail that is titled "Fwd: America Online 4.0 Upgrade" or has an attached file called "Setup40.exe" Do not download the program it is NOT Aol 4.0 it is a program that will e-mail your SCREEN NAME and your PASSWORD to two or more people during two blackouts of your computer screen. DO NOT DOWNLOAD DELETE IT!!! Please E-Mail this letter to as many people as possible to avoid damage....thanks !!!
Circulating the Internet is e-mail messages entitle "WIN A HOLIDAY". These e-mail messages are a hoax and the false warning of a malicious e-mail does not exist. There is currently no virus that has the characteristic described in the message. The message is a variant of the "Join the Crew" hoax and another variant called "JUST WIN A HOLIDAY". CIAC recommends that you DO NOT pass the message to others.
VIRUS WARNING !!!!!! If you receive an email titled "WIN A HOLIDAY" DO NOT open it. It will erase everything on your hard drive. Forward this letter out as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from Microsoft; please share it with everyone that might access the Internet. Once again, pass this along to EVERYONE in our address book so that this may be stopped. Also, do not open or even look at any mail that says "RETURNED OR UNABLE TO DELIVER" This virus will attach itself to your computer components and render them useless. Immediately delete any mail items that say this. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time. Please practice cautionary measures and forward this to all your online friends ASAP.
May 1999
Why would you want to give a cat a colonic anyway. This is a hoax.
If you receive an e-mail entitled, "How to Give a Cat a Colonic," DO NOT open it. It will erase everything on your hard drive. Forward this letter out to as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from IBM. Please share it with everyone that might access the Internet. Once again, pass this along to EVERYONE in your address book so that this may be stopped. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time.
May 1999
And now a virus that attacks a mobile phone just by dialing in and listening.
Subject: GSM mobile phones Virus! Date: Wed, 19 May 1999 10:39:00 -0400 BEWARE!!! Dear all mobile phone's owners, ATTENTION!!! NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM. All mobile phone in DIGITAL system can be infected by this virus. If you receive a phone call and your phone display "UNAVAILABLE" on the screen (for most of digital mobile phones with a function to display in-coming call telephone number), DON'T ANSWER THE CALL. END THE CALL IMMEDIATELY!!! BECAUSE IF YOU ANSWER THE CALL, YOUR PHONE WILL BE INFECTED BY THIS VIRUS. This virus will erase all IMIE and IMSI information from both your phone and your SIM card which will make your phone unable to connect with the telephone network. You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. For more information, please visit Motorola or Nokia web sites: http://www.mot.comor http://www.nokia.com There are over 3 million mobile phone being infected by this virus in USA now. You can also check this news in CNN web site: http://www.cnn.com Please forward this information to all your friends who have digital mobile phones.
May 1999
The Wobbler virus was supposed to be in a file named California. Both the virus and the file are a hoax. There is a report from IBM on Wobbler but like this page, it says that wobbler is a hoax.
Subject: FW: New Virus Warning
Dear ALL
Thought you might be interested in this message. If you receive an email
with a file called "California" do not open the file. The file
contains the "WOBBLER" virus.
This information was announced yesterday morning by IBM. The report says
..."this is a very dangerous virus, much worse than "Melissa"
and there is NO remedy for it at this time. Some very sick individual
has succeeded in using the reformat function from Norton Utilities
causing it to completely erase all documents on the hard drive. It has
been designed to work with Netscape Navigator and Microsoft Internet
Explorer. destroys Macintosh and IBM compatible computers. This is a
new, very malicious virus and not many people know about it at this
time. Please pass this warning to everyone in your address book and share
it all your online friends asap so that the destruction it can cause
may be minimized"
All the best
Dan
And a French Version.
Dans le cas ou l'information suivante puisse vous servir un jour je vous la transmet. J'ai été informe par mail d'un nouveau virus-WOBBLER. Il est transmis par un mail intitule CALIFORNIA. IBM et AOL ont annonce qu'il serait très puissant, encore plus que Melissa (connaît pas pour ma part!), et il n'y a pas de remède (plus embêtant!). Il dévorerait toutes les informations situées sur votre disque dur et détruirait également Netscape Navigator et Microsoft Internet Explorer. N'ouvrez pas de mail intitule ainsi et transmettez ce message a tous vos contacts.
September 1999
Whomever wrote the Lump of Coal hoax should get some lumps for starting this around.
Warning on December 25, 1999 you may receive an email called, Lump of Coal...do not open it, it contains a deadly virus...it will erase your windows along with many other program files. Pass this on as soon as you can to get the WORD out!!! This is not a hoax....this was reported on the CBS morning news August 20,1999
October 1999
The BUDDYLST hoax even comes in French.
Objet: Fw: Danger - Virus - Danger
This is not a joke
This information came from Microsoft.
Please pass it on to anyone you know who has access to the Internet.
You may receive an apparently harmless Budweiser screen saver,
entitled BUDDYLST.SIP.
If you do -DO NOT OPEN IT UNDER ANY CIRCUMSTANCES,
but delete it immediately.
Once opened, you will lose EVERYTHING on your PC.
Your hard disc will be completely destroyed and the person who sent
you the message will have access to your name and password via the
Internet.
As far as we know, the virus was circulated yesterday morning.
It's a new virus, and extremely dangerous.
Please copy this information and e-mail it to everyone in your
address book. We need to do all we can to block this virus.
AOL has confirmed how dangerous it is, and there is no anti-virus
program yet, which is capable of destroying it.
Please take all the necessary precautions and pass this information
on to your friends, acquaintances and work colleagues.
And now a French version that someone painstakingly translated so our international neighbors will not feel left out.
Microsoft nous a communiqué le message qui suit.
SVP le transmettre à toute personne que vous connaissez qui a accès
à l'Internet.
Vous recevrez peut-être un écran de veille (" screen saver ") de
Budweiser qui à prime abord vous paraîtra inoffensif.
Le message est intitulé BUDDYLST.SIP.
Si vous le recevez, NE L'OUVREZ PAS EN AUCUN CAS - annulez-le
immédiatement.
En l'ouvrant, vous allez perdre TOUTES LES DONNÉES de votre
ordinateur et votre disque dur sera totalement détruit. De plus, la
personne qui vous aura envoyé ce message aura accès à votre nom et votre
mot de passe via l'Internet.
Tout ce que nous savons c'est que le virus a été circulé hier matin.
Il s'agit d'un tout nouveau virus qui est extrêmement dangereux.
Veuillez communiquer ces renseignements par courriel à toutes les
adresses dans votre carnet d'adresses.
Nous devons tout faire pour le bloquer.
AOL a confirmé jusqu'à quel point ce virus est dangereux.
Aucun programme actuel ne peut le détruire.
Veuillez prendre toutes les précautions nécessaires, et communiquer
ce message à vos amis, connaissances et collègues de travail.
March 2001
This must have been put out by someone who is tired of looking at other people's picture albums.
Subject: Virus to look out for DO NOT OPEN "NEW PICTURES OF FAMILY" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-mail from a familiar person. I repeat a friend sent it to me, but called & warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not at all. Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an e-mail called "FAMILY PICTURES," do not open it. Delete it right away! This virus removes all dynamic link from your computer. Your computer will not be able to boot up.
December 2001
This warning is just another variant of the Family Pictures Hoax.
To: friends Sent: Thursday, December 13, 2001 9:11 PM Subject: Troubles with Virus WTC Survivor HOPE THIS GETS TO YOU IN TIME BIG TROUBLE !!!! DO NOT OPEN "WTC Survivor" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not at all. If you receive an email called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. This is a serious one.
March 2001
This particular hoax probably has a political motive. A web site cannot do what is indicated in the message without your help. If a website can get you to download and run an application then it can do anything to your system but without that help it can do little more than open a bunch of windows. Opening a bunch of windows might make your system unusable until you quit your browser or rebooted your system but would do no permanent damage.
I actually went to this site and looked around. I did not find anything malicious. If you click on the about box, it takes you to a page that acknowledges that the hoax message is out there and makes the statements:
Subject; Warning! I don't know how true the following is, I am forwarding it just in case! Warning: Do NOT enter this website: (intifadah.cjb.net) or any other websites that ends up with CJB.net. These are Zionist websites. Th Intifada website has been constructed by the Zionists to attract Arabs and Muslims who browse the net. If you enter the website, your hard-drive crashes at once.
May 2001
This warning is a hoax. It was originally issued in Portuguese but some nice person translated it into English. The real sulfnbk.exe program is a Windows program that is used to restore long file names. You will find it in the \Windows\Command folder. Keep in mind that sulfnbk.exe, like any executable program, could be infected with a virus. You should regularly scan all the files on your system using a current antivirus scanner to insure that none of them contains a virus.
Information on how to replace the sulfnbk.exe program, in case you deleted it, is available at the Symantic, McAfee, and other antivirus websites.
Subject: BAD virus - act quickly!! Date: Tue, 29 May 2001 21:57:22 -0400 Subject: Please Act Urgently VIRUS COULD BE IN YOUR COMPUTER It will become activate on June 1st and will delete all files and folders on the hard drive. No Anti-Virus software can detect it because it doesn't become a VIRUS until 1/6/2001. It travels through the e-mail and migrate to your computer. To find it please follow the following directions: Go To "START" button Go to "Find" or "Search" Go to files and folders Make sure to search in drive C Type in; SULFNBK.EXE Begin Search If it finds it, highlight it and delete it Close the dialogue box Open the Recycle Bin Find the file and delete it from the Recycle Bin You should be safe. The bad part is you need to contact everyone you sent ANY e-mail to in the past few months. Many major companies have found this virus on their computers. Whatever you do, DO NOT open the file.
March 2001
Granted a real virus could delete sector 0 on your hard drive but this isn't one of them. Also note that a knowledgeable person could put back sector 0 of a hard drive and get back all your files.
While this particular message is a hoax, in recent years there have appeared many malicious electronic postcards to the point that I won't open any of them. I have seen e-mails that say to run the executable attachment (Yeah, right!) to view the postcard. The latest have been sent by the Storm Worm, trying to get you to visit a malcode site and download the worm onto your system.
URGENT ALERT Please read the following carefully and send it to EVERYONE you know. Send it to all contacts you have, for I agree with the message, I'd rather receive this 25 times as to not at all.... ------------------------------------------------------- A new virus has just been discovered that has been classified by Microsoft www.microsoft.com) and by McAfee (www.mcafee.com) as the most destructive ever! This virus was discovered yesterday afternoon by McAfee and no vaccine has yet been developed. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored. This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title "A Virtual Card for You". As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN (www.cnn.com). This alert was received by an employee of Microsoft itself. So don't open any mails with subject "A Virtual Card for You". As soon as you get the mail, delete it. Please pass on this mail to all your friends. Forward this to everyone in your address book. I would rather receive this 25 times than not at all. Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an email called "An Internet Flower For You", do not open it. Delete it right away! This virus removes all dynamic link libraries(.dll files) from your computer. Your computer will not be able to boot up. SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!
December 2001
I was kind of hoping that this one would die of its own accord, but no such luck. While not really false, this list of instructions does not really help you prevent infections and could fool you into being careless. For the few worms that remote control your Outlook application, this would tell you that you had already spammed the world with who knows how many worm infected e-mails. For the current crop of worms that spread via e-mail, which contain their own internal mailer, this would do nothing. Your time would be much better spent installing a good antivirus program and keeping it updated.
A variant of this says to use AAAAAAA for the user's name and WormAlert@somewhere.com as the address. Unfortunately, somewhere.com is a real domain and now they are getting hammered by every infected machine that uses this "Fix!" I'm sure they would like it to stop.
Remember, don't run attachments that you were not expecting to receive, even those that appear to have been sent by a friend. Verify them first with the friend before running them (assuming you really trust the friend).
Here is a very helpful tip concerning worm viruses you could get in an email: As you may know, if a worm virus gets into your computer, it heads straight for your email address book and sends itself to everyone in there, thus infecting all your friends and associates. This tip won't keep the virus from getting into your computer, but it will stop it from using your address book to spread itself further, and it will alert you to the fact that a worm virus has gotten into your system. Here's what you do: 1. Open your address book and add a "New Contact" just as you would do if you were adding someone to your list of email addresses; 2. In the window where you would type your contact's first name, type !000 (that's an exclamation mark followed by 3 zeros); 3. In the box where you would enter the email address, type WormAlert; 4. Click Add; 5. Then, click OK. Now, here's what you've done and why it works: The name !000 will appear at the top of your email list as entry number: A. This is the first email address a worm virus will find when it tries to send all of your friends a virus infected email. But because the 1st email address is invalid, it will be undeliverable, and the worm virus stops any further attempts to access your address book. B. The second advantage of this tip is that you will be notified when an email cannot be delivered because of an invalid email address. You will receive an email telling you that your email to "WormAlert" could not be delivered. If you get this message, you'll know right away that you've got a worm virus in your system. You can then take the appropriate steps to get rid of it. Just knowing that you even have a virus is half the battle. This is a very helpful tip, so pass it on.
April 2002/June 2003
There are now two jdbmgr messagess; a hoax and a real worm. Some miscreant has decided to make a hoax real so you need to be careful what you do. The jdbgmgr.exe program is a real part of the Windows operating system. It should normally not be removed though doing so will not inconvenience most people. The miscreant has created a computer worm called Recory that overwrites the jdbgmgr.exe program with the worm code. In either case, do not run the jdbgmgr.exe program if it is sent to you in an e-mail. In most cases, you do not need to run the real jdbgmgr.exe program.
The easiest way to recognize the difference between the hoax and the real version of jdbgmgr.exe is to look at the icon. The program with the bear icon is the good one and the one with the tools icon is the bad one.
 |
 |
| The real jdbgmgr program. | The recory worm. |
Jump to the hoax or the worm.
The Jdbgmgr Hoax
The jdbgmgr hoax is almost the same as the
sulfnbk hoax in that it tells you to
delete a program that was installed with Windows. jdbmgr.exe is the Java Debugger Manager
and does have an icon that looks like a Teddy Bear. It is not, normally, a virus. As with all
executables, it is not impossible to have a copy of jdbmgr.exe that is infected
by a virus but that virus will be detected by your antivirus software.
Microsoft has posted the article Q322993 with information on how to replace jdbgmgr.exe if you have deleted it.
Subject: IMPORTANT-VIRUS ALERT!!!
Date: Thu, 18 Apr 2002 04:01:21 +0000
Hi everybody, I just wanted to let you know you
should check your computers by following the
procedure that's next....I don't remember
getting an email with that file attachment, but
I found it in my system. Since I found the
dumb little bear in my computer, I'm sending
you the info.
The virus is called jdbgmgr.exe and it transfers
automatically through Messenger and also through
your address book and since I have all of you in
my address book I have to send everyone this info.
I'm sorry if this causes any problems. It
certainly wasn't intentional.
The virus isn't detected by McAfee or Norton and it
remains in the folder for 14 days before activating
and harming the system. It can be erased before
it eliminates the files in your computer. To
do so, follow these steps:
1.- Click on "Start"
2.- Go to find "files and folders" and write the
name of jdbgmgr.exe
3.- Make sure it's looking in "C" drive.
4.- Click on "Find now"
5.- If the virus appears (the icon is a little bear
that has the name of (jdbgmgr.exe)
DO NOT OPEN IT FOR ANY REASON
6.- Right click on it and delete it (it will go to
the recycle bin)
7.- Go to the recycle bin and either delete
everything in the folder, or right click on
the little bear and delete.
If you find this virus in your computer, please send
this message to all the people in your address book
before it causes any damage.
And a Spanish Version.
me llego este mail y pues me parece importante que lo lean y
lo lleven a cabo porque yo encontre este virus en mi computador.
El motivo de este e-mail es advertir a todos los usuarios de
hotmail sobre un nuevo virus que circula por medio del MSN
Messenger. El virus se llama jdbgmgr.exe y se transmite
automáticamente por medio del Messenger y tambien por la
libreta de direcciones. El virus no es detectado por McAfee
o Norton y permanence en letargo durante 14 días antes de
dañar el sistema entero. Puede ser borrado antes de que elimine
los archivos de tu computadora. Para eliminarlo, solo hay que
hacer los pasos siguientes:
1. Ir a Inicio, pulsar "buscar"
2.- En búsqueda "archivos o carpetas" escribir el nombre jdbgmgr.exe
3.- Asegurarse de que este buscando en disco "C"
4.- Pulsar en "buscar ahora"
5.- Si aparece el virus (el icono es un osito) que tendrá el nombre
de jdbgmgr.exe NO ABRIR POR NINGUN MOTIVO.
6.- Pulsar en el botón derecho del ratón y eliminarlo (ira a la
papelera de reciclaje).
7.- Ir a la papelera de reciclaje y borrarlo definitivamente o bien
vaciar la papelera entera.
SI ENCUENTRAN EN VIRUS EN SUS EQUIPOS MANDAR ESTE MENSAJE A LAS
PERSONAS QUE TENGAN EN SU LIBRETA DE DIRECCIONES ANTES DE QUE CAUSE
ALGUN DAÑO
And now a German Version. All these nice people spending their time to save you from something that does not exist.
Subject: Virus-Warnung Auf jeden Fall durchlesen!!! DRINGEND!!! Nach einer Virus-Warnung von einem Freund habe ich den Virus tatsächlich auch bei mir gefunden. Dieser breitet sich über mein Adressbuch aus. Und Sie/Ihr steht auch alle in meinem Adressbuch. Es ist wirklich ein Ernstfall! Bitte schaut umgehend nach!!! Ausschnitt aus der bei mir eingetroffenen Warnung: Das Virus verbreitet sich von Adressbuch zu Adressbuch, also bitte gleich nachschauen. Es ist in der Tat von Norton und McAfee (und AntiVir 9x) nicht auffindbar. Es schlummert etwa 14 Tage auf dem Rechner, aktiviert sich dann selbst und löscht sämtliche Daten auf der Festplatte. Die Anweisung zu seiner Entfernung ist recht einfach: 1. Auf "Start" klicken, dann auf "Suchen", dann auf Dateien/Ordner. 2. In der Suchmaske "jdbgmgr.exe" eintippen - so heisst die Virusdatein 3. Bei "Suchen in" muss die Festplatte drin stehen, in der Regel C: 4. Suche starten 5. Wenn diese Datei auftaucht (sie hat einen kleinen Teddybär) AUF KEINEN FALL ÖFFNEN 6. Mit der rechten Maustaste den Dateinamen anklicken, dann löschen drücken 7. Bei der Rückfrage ob die Anwendung tatsächlich in den Papierkorb verschoben werden soll, Ja drücken 8. Auf den Desktop gehen und den Papierkorb öffnen 9. Die Datei "jdbgmgr.exe" im Papierkorb suchen und mit der rechten Maustaste löchen. Wenn Du/Sie die Datei auf dem Rechner gefunden hast/haben, bitte diese e-Mail an alle Kontakte im Adressbuch versenden, weil der Virus über das Adressbuch verbreitet wird. Danke!
And now an Italian version for those of you who couldn't get it wrong in the other languages.
Potreste avere ricevuto da noi o da altri vostri contatti, un virus che anche noi abbiamo a nostra volta ricevuto. Esso spedisce automaticamente il virus ad ogni nominativo presente nella rubrica indirizzi. Ci suono buone possibilit?che il virus sia anche nel vostro computer dato che voi siete nel nostro indirizzario. Il virus si chiama jdbgmgr.exe ed esso non viene individuato dai programmi antivirus Norton o McAfee. Il virus rimane inattivo per 14 giorni prima di danneggiare il sistema. Esso si spedisce automaticamente a tutti i vostri contatti, indipendentemente che voi spediate o no e-mail agli stessi Il virus non si mostra come una e-mail e quindi dovete verificare il vostro sistema seguendo le seguenti istruzioni per sbarazzarsi del virus: 1. Cliccare Start e poi TROVA quindi FILE o CARTELLE 2. scrivere il nome del file jdbgmgr 3. Accertatevi di cercare nel disco C: ed in tutte le sub-cartelle o altri dischi drives che potreste avere (Risorse del computer). 4. Cliccate TROVA 5. Il virus ha come icona un orsetto Teddy bear con il nome jdbgmgr.exe. NON APRITE ASSOLUTAMENTE IL FILE!!! 6. Se il file del virus ?presente nel vostro computer, evidenziatelo cliccandoci sopra con il tasto destro del mouse e selezionate ELIMINA. 7. Aprite il CESTINO, evidenziate il file ed eliminate il file anche da qui! SE AVETE TROVATO IL VIRUS, DOVETE CONTATTARE TUTTE LE PERSONE NEL VOSTRO INDIRIZZIARIO, AFFINCHE' ANCHE LORO POSSANO CANCELLARE IL VIRUS DAL LORO COMPUTER E RUBRICA. Per fare questo: 1. Aprite una nuova e-mail 2. Cliccate sul simbolo della rubrica a fianco di A: (DESTINATARIO) 3. Evidenziate ogni contatto ed aggiungetelo alla sezione CCN 4. Copiate questo messaggio, incollate e spedite. Ci scusiamo per il disagio causato che purtroppo ?indipendente dalla nostra volont? Nonostante i sistemi fire-wall e antivirus qualche hacker ogni tanto riesce nel suo intento
The Recory worm primarily travels in file sharing programs such as IRC, Kazaa, and Morpheous. The message that comes with it looks a lot like the hoax message but tells you exactly the wrong thing to do. Descriptions of the worm are available at antivirus websites such as,
Hello readers, I have just cleaned my computer from a highly damaging computer virus Which is spreading rapidly through computer networks worldwide. There is one way to check to see if your computer is infected with this virus. Click the "Start" menu at the bottom left of your screen. Click the "Find" or "Search" button. Click the "Files or folders..." option. Then once the search application starts, type "Jdbgmgr.exe" If you have found this file, right-click on it and click the "Properties" tab. If the Properties menu has a picture of a bear on it, your computer is infected with this virus. (Note that the non-infected file picture has a hammer and a screwdriver shown in it) You may delete this file, but this is not the only file that the virus infects, To remove this virus, I have included a virus removal tool in the attachments that will scan all system files and remove any infectious code from them. This virus removal tool is very easy to use. If you have any trouble with this tool, read the help menu that the removal tool supplies. If your computer is infected with this virus, It is strongly recommended that you send this removal tool to as many people as you can to help remove the traces of this virus worldwide.
May 2002
Another watch out for this file hoax. This time it is a PowerPoint presentation. Now, a power point presentation could contain a virus, just like Word and Excel so always check them with an antivirus program before opening a downloaded file and turn off auto-execution of included macros.
This information arrived this morning, from Microsoft and Norton. Please send it to everybody you know who accesses the Internet. You may receive an apparently harmless email with a PowerPoint presentation called "Life is beautiful.pps." If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately. If you open this file, a message will appear on your screen saying: "It is too late now, your life is no longer beautiful", subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name, email and password. This is a new virus which started to circulate on Saturday afternoon. WE NEED TO DO EVERYTHING POSSIBLE TO STOP THIS VIRUS. UOL has already confirmed its dangerousness, and the antivirus Softs are not capable of destroying it. The virus has been created by a hacker who calls himself "life owner", and who aims to destroying domestic PCs and who also fights Microsoft in court! That's why it comes disguised with extension pps. He fights in court for the Windows-XP patent. MAKE A COPY OF THIS EMAIL TO ALL YOUR FRIENDS.
March 2005
While there are some new viruses that do attack some cellular products, this is not one of them. According to the Symantic Antivirus site, this is not real.
Cell phone virus warning********************************** All mobile users pay attention. If you receive a phone call and your Mobile phone displays (ACE) on the screen don't answer the call. END THE CALL IMMEDIATELY. If you answer the call, your phone will be infected by a virus. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone Network. You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 million mobile phones being infected by this virus all around the world. You can also find this information on the CNN web site. PLEASE FORWARD THIS PIECE OF INFORMATION TO ALL YOUR FRIENDS WHO HAVE MOBILE PHONES.
August 2005
This message is partly correct. The body of the message describes a real Trojan that was being distributed in July of 2004. The message included a link to a Trojan program that got installed when you clicked the link. Recently (Aug. 2005) variants of this Trojan message have been seen. Thus the body is largely correct and the link to snopes takes you to a description of the original Trojan message.
The headline of the message is totally wrong. Opening the e-mail will not instantly infect your computer and cause it to crash. Opening the e-mail and then clicking on the link will cause your computer to be infected with the Trojan but will not likely make it crash. If you have an antivirus package installed and have kept it up to date, the antivirus program will stop the Trojan. If you have kept your system up to date, the hole that allowed the Trojan to install itself in Windows will also be closed and the Trojan will not work.
Emails with pictures of Osama Bin-Laden hanged are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!!!
This e-mail is being distributed through countries around the globe, but mainly in the US and Israel.
Don't be inconsiderate; send this warning to whomever you know.
Origins: There are few headlines that would grab the attention of more computer users around the world than "Osama bin Laden Captured," and that's exactly what whoever created this lure was counting on to snare unsuspecting victims who use Microsoft platforms.
"Osama bin Laden Captured" isn't a virus in itself; it's the text of a message that includes a link to a file called EXPLOIT.EXE. When a message recipient clicks on this link to view what he thinks are pictures of Osama bin Laden's capture, he can end up downloading an executable Trojan known as Backdoor-AZU, BKDR_LARSLP.A, Download.Trojan, TrojanProxy.Win32.Small.b,or Win32.Slarp. Clicking the embedded link in the "Osama bin Laden Captured" message auto-executes a file called "EXPLOIT.EXE," which exploits a known security hole to download the Trojan. According to McAfee Security:
The Trojan opens a random port on the victim's machine. It sends the Port information to a webpage at IP address 66.139.77.145. The Trojan listens on the open port for instructions and redirects traffic to other IP addresses.
Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous.
Microsoft has made available updates that close the hole exploited by this Trojan.
June 2006
This message is a mixture of several other virus hoax warnings; none of them real.
Warning READ AS SOON AS POSSIBLE Get this sent around to your contacts ASAP...we don't need this spreading around..... PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS: You should be alert during the next days: Do not open any message with an attached filed called "Invitation" regardless of who sent it, It is a virus that opens an Olympic Torch which "burns" the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it. If you receive a mail called "invitation", though sent by a friend,do not open it and shut down your computer immediately. This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept. SEND THIS E-MAIL TO EVERYONE YOU KNOW, COPY THIS E-MAIL AND SEND! IT TO YOUR FRIENDS AND REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.
Hoax Home | Hoax Info | Hoax Categories | Hoax Index | Search HoaxBusters | Other Hoax Sites | Notice To Users
UCRL-MI-140103
[Privacy and Legal Notice]
Notice To Users
hoaxmaster@ciac.org