Monday, February 11, 2008


I got my first question about a virus hoax this year today. That's progress.

What is a virus hoax? It's an e-mail message warning you of a virus. The first sign of one is this warning:


That's the entire point of the hoax: to get you to e-mail the message to everyone you know.

Luckily, here at Siena, most faculty know not to do this, or at least to contact I&TS first. But students sometimes get caught.

It's a nice exercise in social engineering, of course. That's the term for fooling people into doing what you want them to do. This is harmless (other than causing needless anxiety), but other forms of social engineering are used to steal passwords and other security information.

It used to be you could plan for these every October. In September, thousands of freshmen across the US got their first e-mail accounts, and by October, they learned how to FWD:FWD:FWD:FWD mail. Now it's less predictable and can happen at any time.

The messages can take many forms, but, oddly enough, they all contain this paragraph:

This is the worst virus announced by XXXX. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

I've been seeing these for over ten years, and 85% of them have some variation of this. The names of who announces it, who classifies it, and who discovers it vary, but the "Zero Sector of the Hard Disc" is almost a constant.

But that doesn't mean it doesn't change. The subject line varies, with new variants every few months. But lately, they've been adding this line:

checked, and it is for real!!

Snopes is a site that debunks urban legends and hoaxes, and is a good way to check if a message is real or not. But the link given goes to a different message, one about a real virus. If you click on it and read it, you'll see it has nothing to do with what is in the warning e-mail (no "Zero Sector on the Hard Drive"). The sender is betting that you won't click on the link, and that if you do click on it, you won't read the message closely enough to see that it has nothing to do with the warning.

Until the Gullibility Virus is eradicated, virus hoaxes are going to show up from time to time. If you get one, search for the subject line in Google and you'll usually see it's just a trick.
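The markers described above (the recurring "Zero Sector" paragraph, the request to forward the message, and a "checked" line whose link points at an unrelated article) can be turned into a rough screening check. This is an added example, not code from the original post; the regexes, the score threshold, the function names and the sample texts are all assumptions constructed for illustration.

```python
import re

# Phrases from the hoax paragraph quoted in the post; the regexes (and how much
# wording drift they tolerate) are assumptions of this example.
CLAIMS = {
    "zero_sector": r"zero\s+sector\s+(of|on)\s+the\s+hard\s+(dis[ck]|drive)",
    "worst_virus": r"worst\s+virus\s+(ever\s+)?announced\s+by",
    "most_destructive": r"most\s+destructive\s+virus\s+ever",
    "no_repair": r"no\s+(repair|cure|fix)\s+yet",
}
# Social-engineering cues: the forwarding request and the "it was checked" line.
CUES = {
    "forward_to_all": r"(send|forward|e-?mail)\b.{0,60}?\beveryone\s+you\s+know",
    "claims_checked": r"checked,?\s+and\s+it\s+is\s+for\s+real",
}

def _hits(patterns, text):
    return sorted(k for k, rx in patterns.items() if re.search(rx, text, re.I | re.S))

def assess(message, cited_page=None):
    """Score a message; cited_page is the text of the page its link points to."""
    claims, cues = _hits(CLAIMS, message), _hits(CUES, message)
    # Claims made in the message that the cited page never mentions.
    backed = _hits(CLAIMS, cited_page) if cited_page is not None else claims
    unsupported = [c for c in claims if c not in backed]
    # Hypothetical weighting: one point per marker, two for a mismatched citation.
    score = len(claims) + len(cues) + (2 if unsupported else 0)
    return {"claims": claims, "cues": cues, "unsupported": unsupported,
            "score": score, "likely_hoax": score >= 3}

# Constructed sample input (not a real message or a real debunking article).
SAMPLE_MESSAGE = """Subject: FWD:FWD:FWD: URGENT VIRUS WARNING
Please forward this to everyone you know!
This is the worst virus announced by XXXX. It has been classified by Microsoft
as the most destructive virus ever. There is no repair yet for this kind of
virus. It simply destroys the Zero Sector of the Hard Disc.
We checked, and it is for real!! http://debunk.example/real-virus"""
SAMPLE_CITED_PAGE = """A real worm spread through e-mail attachments disguised
as greeting cards. Antivirus vendors released detection signatures."""
SAMPLE_NEWSLETTER = "Reminder: the help desk closes at 5pm on Friday."

if __name__ == "__main__":
    print(assess(SAMPLE_MESSAGE, SAMPLE_CITED_PAGE))
    print(assess(SAMPLE_NEWSLETTER))
```

A high score only means the message matches the familiar template; the `unsupported` list is the part that mirrors reading the linked article and noticing it never mentions the claims in the warning.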