Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80.October, 2013
Chapter 2: Social Aspects of Malware
Useful sites for checking new hoaxes
Some known hoaxes
Supplement 1. Example of the header of CIAC bulletin
No snowflake in an avalanche ever feels responsible
- Stanislaus Lezczynski
Hoaxes can be viewed as a special kind of junk mail that feeds on the panic many people associate with viruses. Most hoaxes contain information about non-existent computer viruses and/or Trojans. Sometimes bits of true information are mixed with a large dose of fantasy.
Hoaxes are usually distributed via e-mail and often get inside the e-mail systems of large organizations. These hoaxes are as time-consuming and costly to handle as real virus infections. Users are requested not to spread unconfirmed warnings about viruses and Trojans. If you receive an unvalidated warning, don't resend it without checking with the HELPDESK and/or LAN support personnel.
The most popular 1997 hoaxes seem to be "Join the Crew" and "PenPaL". All known hoaxes are based on an implicit assumption that opening an e-mail message will execute some malicious code (a so-called Trojan). While such concern is in general valid, this is NOT true for Netscape Messenger and Lotus Notes Mail as well as current versions of all other popular e-mail agents. Only the non-patched version of Outlook 97 exhibited such behavior in the past.
Usually only explicit opening of attachments presents some real danger. A typical example of such execution is opening an MS Word attachment. In this case, if the document contains auto-macros, they will be executed, and this is the way macro viruses propagate. Reading e-mail using typical mail agents (such as MS Mail, Notes, Netscape Navigator, etc.) will not activate malicious code even if it is delivered in or with the message.
The following checklist is useful for detecting hoaxes:
As for organizations, people tend to believe warnings from federal organizations or large computer companies (IBM, HP, etc.), because they should know about those things. One needs to understand that even if the message is not faked, in any large organization there are a lot of people who do not have any understanding of computer technology and who are eager to help others to avoid dangers ;-).
The CIAC signature is available at the CIAC home page: http://ciac.llnl.gov/. You can find the addresses of other response teams by connecting to the FIRST web page at: http://www.first.org. If there is no PGP signature, see if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus. Ask if he/she is passing on a rumor. If the address of the person does not exist or if there are any questions about the authenticity of the warning, consider it a hoax. Instead, send the warning about this hoax to the HELPDESK. Do not send it out to the world.
In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. For example, checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300, since there is no released version 3 of PKZip.
The hoax exists in a dozen variants. Here is the variant that was found recently:
Please pass onto your staff!
WARNING!!! If you receive an e-mail titled "JOIN THE CREW" DO NOT open it! It will erase EVERYTHING on your hard drive! Send this letter out to as many people you can....this is a new virus and not many people know about it! This message was received this morning from IBM,and the Army National Guard, please share it with anyone that might access the Internet.
Several other variants exist. For example:
IMPORTANT - VIRUS Alert!!!
Take note !
Someone got an email, titled as JOIN THE CREW. It has erased his hard drive. Do not open up any mail that has this title. It will erase your whole hard drive.
This is a new email virus and not a lot of people know about it, just let everyone know, so they won’t be a victim. Please e-mail this to everyone you know!!!
Remember the title : JOIN THE CREW
The first 2-3 sentences of the message can vary. In the latest incarnation the message can be attributed to IBM. The recommendation "Please share it with anyone that might access the Internet" can be present at the beginning of the message.
Here is one of the variants:
FYI! Subject: Virus Alert Importance: High If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it. Below is a little explanation of the message, and what it would do to your PC if you were to read the message. If you have any questions or concerns please contact SAF-IA Info Office on 697-5059. This is a warning for all internet users - there is a dangerous virus propagating across the Internet through an e-mail message entitled "PENPAL GREETINGS!". DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!" This message appears to be a friendly letter asking you if you are Interested in a PenPaL, but by the time you read this letter, it is too late. The "Trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus, and once the message is read, it will AUTOMATICALLY forward itself to anyone who's e-mail address is present in YOUR mailbox! This virus will DESTROY your hard drive, and holds the potential to DESTROY the hard drive of anyone whose mail is in your inbox, and who's mail is in their inbox, and so on. If this virus remains unchecked, it has the potential to do a great deal of DAMAGE to computer networks worldwide!!!! Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it! And pass this message along to all of your friends and relatives, and the other readers of the newsgroups and mailing lists which you are on, so that they are not hurt by this dangerous virus!!!!
**********VIRUS ALERT********** VERY IMPORTANT INFORMATION, PLEASE READ! There is a computer virus that is being sent across the Internet. If you receive an email message with the subject line "Deeyenda", DO NOT read the message, DELETE it immediately! Some miscreant is sending email under the title "Deeyenda" nationwide, if you get anything like this DON'T DOWNLOAD THE FILE! It has a virus that rewrites your hard drive, obliterates anything on it. Please be careful and forward this e-mail to anyone you care about. Please read the message below. Alex ----------- FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET The Internet community has again been plagued by another computer virus. This message is being spread throughout the Internet, including USENET posting, EMAIL, and other Internet activities. The reason for all the attention is because of the nature of this virus and the potential security risk it makes. Instead of a destructive Trojan virus (like most viruses!), this virus referred to as Deeyenda Maddick, performs a comprehensive search on your computer, looking for valuable information, such as email and login passwords, credit cards, personal inf., etc. The Deeyenda virus also has the capability to stay memory resident while running a host of applications and operation systems, such as Windows 3.11 and Windows 95. What this means to Internet users is that when a login and password are send to the server, this virus can copy this information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies). The reason for this warning is because the Deeyenda virus is virtually undetectable. Once attacked your computer will be unsecure. Although it can attack any O/S this virus is most likely to attack those users viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet Explorer 3.0+ which are running under Windows 95). Researchers at Princeton University have found this virus on a number of World Wide Web pagesand fear its spread. 
Please pass this on, for we must alert the general public at the security risks.
Here is some important information. Beware of a file called Goodtimes. Happy Chanukah everyone, and be careful out there. There is a virus on America Online being sent by E-Mail. If you get anything called "Good Times", DON'T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot.
The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the InterNet. Apparently, a new computer virus has been engineered by a user of America Online that is unparalleled in its destructive capability. Other, more well-known viruses such as Stoned, Airwolf, and Michaelangelo pale in comparison to the prospects of this newest creation by a warped mentality. What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the InterNet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop - which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late.
The Ghost.exe program was originally distributed as a free screen saver containing some advertising information for the author's company (Access Softek). The program opens a window that shows a Halloween background with ghosts flying around the screen. On any Friday the 13th, the program window title changes and the ghosts fly off the window and around the screen. Someone apparently got worried and sent a message indicating that this might be a Trojan. The warning grew until it said that Ghost.exe was a Trojan that would destroy your hard drive, and the developers got a lot of nasty phone calls (their names and phone numbers were in the About box of the program). A simple phone call to the number listed in the program would have stopped this warning from being sent out. The original ghost.exe program is just cute; it does not do anything damaging. Note that this does not mean that ghost could not be infected with a virus that does do damage, so the normal antivirus procedure of scanning it before running it should be followed.
Subject: security breached by NaughtyRobot This message was sent to you by NaughtyRobot, an Internet spider that crawls into your server through a tiny hole in the World Wide Web. NaughtyRobot exploits a security bug in HTTP and has visited your host system to collect personal, private, and sensitive information. It has captured your Email and physical addresses, as well as your phone and credit card numbers. To protect yourself against the misuse of this information, do the following: 1. alert your server SysOp, 2. contact your local police, 3. disconnect your telephone, and 4. report your credit cards as lost. Act at once. Remember: only YOU can prevent DATA fires. This has been a public service announcement from the makers of NaughtyRobot -- CarJacking its way onto the Information SuperHighway.
It has been two years since the "Good Times" email virus hoax was launched (see the Good Times Virus Hoax), and we're continuing to see new hoaxes patterned after this lame old hoax. The MMF (Make Money Fast) hoax warning is almost a direct copy of "Good Times", while Irina was apparently an ill-advised publicity stunt.
The so-called "Irina virus" is a hoax. You may receive warnings about a "deadly new virus called Irina". Just as with "Good Times", there is a claim that this virus spreads via email and it's also claimed that it will damage your CPU. (Something that isn't possible to do via software.) This hoax apparently began as part of a media campaign in the UK. According to Graham Cluley of S&S (UK): "The entire hoax was orchestrated by Penguin Books as a publicity stunt for a new interactive book called "Irina".
According to the Daily Telegraph, Guy Gadney (the former head of electronic publishing at Penguin) sent out a bogus letter to newspapers and television stations giving a warning about the "Irina" virus. The message claimed to be from Professor Edward Prideaux of the College of Slavonic Studies in London.
Prideaux is one of the main characters in the Irina book Penguin is planning to launch. Some newspapers received six copies of the bogus letter, all signed by Professor Prideaux, but making no mention of Penguin Books, a publicity campaign or that the warning was a PR stunt.
The hoax was eventually traced back to Penguin via the envelopes used. The College of Slavonic Studies does not exist. But London's School of Slavonic and East European Studies said it had been inundated with calls to the fictitious Professor Prideaux."
According to virus myths expert, Rob Rosenberger, the first warnings came from a man named Lance Clarke, who claimed computers could contract this virus if a user read a UseNet message where the phrase "MAKE MONEY FAST" appears in the subject line. Lance Clarke admits he concocted the warning message as a hoax. He used the Good Times urban legend as the foundation for his MMF alert message. Clarke apparently got the idea from another person on UseNet's alt.folklore.urban newsgroup who jokingly said "I'm thinking about spreading the Good Times newbie-gooser around with a new title: 'The MAKE MONEY FAST Virus.'"
If you have been active on newsgroups or have simply had an email address for some time you have probably been receiving messages telling you how you can "Make Money Fast". This gets to be rather annoying for many of us and the hoax was no doubt a reaction to this annoyance.
-----BEGIN PGP SIGNED MESSAGE-----
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
< text of the message>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
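The traits this chapter attributes to hoaxes (a chain-letter request, a claim that merely opening a message does damage, a borrowed big name, no PGP signature) can be applied as a first-pass mail triage. The Python below is an added example, not part of the original notes; the patterns, the three-signal threshold, the function names and the sample texts (two shortened from hoaxes quoted above, one modeled on the bulletin header above, one constructed) are assumptions.

```python
import re

# Patterns follow the hoax traits this chapter describes; the exact regular
# expressions and the three-signal threshold are assumptions of this example.
SIGNALS = {
    "chain_request": re.compile(      # "send this to everyone you know"
        r"forward this|send this letter|share it with|e-?mail this to"
        r"|pass this (on|along)|let everyone know", re.I),
    "harm_on_open": re.compile(       # merely opening/reading does the damage
        r"\b(do\s*n[o']t|without)\s+(open|read|download)", re.I),
    "authority_drop": re.compile(     # big name instead of a reachable author
        r"\b(IBM|FCC|America Online|National Guard)\b"),
    "total_destruction": re.compile(  # total-loss payload claim
        r"\b(erase|destroy|obliterate)\b[^.!]*\bhard drive\b", re.I),
}
ARMOR = ("-----BEGIN PGP SIGNED MESSAGE-----",
         "-----BEGIN PGP SIGNATURE-----",
         "-----END PGP SIGNATURE-----")


def has_clearsign_frame(text):
    """True if the three armor lines appear in order with a non-empty
    signature body. This is only a precondition: the signature must still
    be verified against the response team's published key."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start = lines.index(ARMOR[0])
        sig = lines.index(ARMOR[1], start + 1)
        end = lines.index(ARMOR[2], sig + 1)
    except ValueError:
        return False
    return any(lines[sig + 1:end])


def triage(text):
    """Return (matched signal names, verdict) for one warning message."""
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(text))
    if not has_clearsign_frame(text):
        hits.append("unsigned")
    if len(hits) >= 3:
        return hits, "likely hoax: send to helpdesk, do not forward"
    if "unsigned" in hits:
        return hits, "unverified: contact the named author before acting"
    return hits, "signed: verify the signature against the team's key"


# Sample inputs: the first two are shortened from hoaxes quoted in this chapter.
JOIN_THE_CREW = ('WARNING!!! If you receive an e-mail titled "JOIN THE CREW" '
                 'DO NOT open it! It will erase EVERYTHING on your hard drive! '
                 'Send this letter out to as many people you can. This message '
                 'was received this morning from IBM.')
GOOD_TIMES = ("There is a virus on America Online being sent by E-Mail. If you "
              "get anything called 'Good Times', DON'T read it or download it. "
              "It will erase your hard drive. Forward this to all your friends.")
# Armor lines with nothing between the signature markers, as in Supplement 1.
EMPTY_FRAME = "\n".join([ARMOR[0], "< text of the message>", ARMOR[1], ARMOR[2]])
# Constructed bulletin; the signature body is a placeholder, not a real one.
SIGNED_BULLETIN = "\n".join([ARMOR[0], "Constructed advisory: apply the vendor "
                             "patch.", ARMOR[1], "PLACEHOLDER-SIGNATURE", ARMOR[2]])

if __name__ == "__main__":
    for name in ("JOIN_THE_CREW", "GOOD_TIMES", "EMPTY_FRAME", "SIGNED_BULLETIN"):
        print(name, triage(globals()[name]))
```

A well-formed frame only routes the message to real signature verification; a forged warning can carry armor lines too.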
Copyright 1998, Nikolai Bezroukov. Standard disclaimer applies. As long as this copyright notice is preserved, and any changes are clearly marked as such, the author gives his consent to republish and mirror this text.
Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.
Last modified: May 08, 2017