There are very few people who can say that they have never been the victim of a virus infection. That's just the nature of the online world these days. A virus infection can take down your network, destroy data, reveal confidential information and much more. But do you know what else is nearly as damaging as an actual virus infection? Virus hoaxes.
The problem with most hoaxes is that there is no programmatical way to prevent them from hurting you. Hoaxes work by exploiting your fears, your desire for self-preservation, your gullibility, your common sense, your desire for knowledge, your intelligence and your ignorance. In other words, hoaxes are a social-engineering attack to which everyone is vulnerable.
So, what is a virus hoax? Well, it can be as simple as an e-mail message warning you about a spreading virus with instructions on deleting the virus file from your system. Often such instructions guide you through a process of hamstringing your system -- no virus necessary. Others hoaxes may include an attached scan and repair utility that actually installs a remote access backdoor on your system.
A virus hoax can convince people to perform malicious activities on their own system, open access pathways, purchase unneeded software, send money, reveal private or confidential information, avoid software, bypass legitimate information, avoid benevolent help and more.
I've found a great site that chronicles the spread of virus hoaxes and other computer security related hoaxes: vmyths.com. Take some time and peruse the archives. I'm sure you'll find out about a handful of myths, hoaxes or scams that you or someone you know succumbed to.
By the way, here are a few quick tips on how to avoid getting duped by a hoax:
- Don't believe everything you read online, especially if it is sent to you via e-mail.
- ALWAYS verify the source of information before you accept it.
- Always check with other sources to corroborate the story before accepting it.
- Never use any utility, program, etc. attached to an e-mail message from someone you don't know or that you didn't specifically request.
- If a virus issue is real, every one of the major virus vendors (such as Symantec/Norton, Trend Micro, Network Associates/McAfee, etc.) will have details about it within hours of its discovery.
- If in doubt about an infection, turn of the affected system until you can obtain a verified repair option or prove the issue is a hoax
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in August 2002