Computer Services

Tel 650.548.1010
Burlingame, CA USA


Don't fall for virus hoaxes

Revised on

Originally posted on June 3rd, 2002

They get you coming and going...

They're not as directly dangerous as viruses, but e-mail hoaxes could end up costing your company more money. Wayne Rash tells you how easily hoaxes slip through your firewall--and how you can halt them.

By Wayne Rash, Enterprise

You've almost certainly received an e-mail warning you about a new virus. You know the type--one of those mass e-mails containing warnings of all sorts of dire things that can happen if the described virus or worm gets loose on your system. The e-mail goes on to list the name of the offending file, and tells you that all you need to do is delete the file, and the threat will be gone.
So you check your system, and sure enough, there in the Windows directory is the very file the e-mail warned you about. You wonder briefly why your antivirus software didn't pick up this one, but then you remember that the letter said that this one was so clever that antivirus software couldn't detect it. Guess you'd better delete it, right?

Wrong. If you actually do delete the file, you could very easily spend the next couple of hours reinstalling Windows. And that, of course, is why the antivirus software didn't issue an alert. The e-mail was a hoax, and if you follow its instructions, you could delete an important Windows file--one that's supposed to be there.

"Hoaxes are almost a bigger problem than viruses," notes Roger Thompson, technical director of malicious code research for the ICSA in Herndon, Virginia. He notes that it's a lot easier to create a good hoax than it is to create a good virus. And antivirus software, obviously, can't detect a hoax. So these hoaxes usually get through.

As a result, enormous amounts of company resources are used up in dealing with hoaxes. Employees spend time sending the messages to others, some waste time looking for and deleting the offending files, and time is also spent restoring users' computers after they've deleted those files.

Right now, the hot hoax is one that warns of a file on your computer called JDBGMGR.EXE, which an e-mail claims will invade your computer, lie dormant for two weeks, and then release a worm. In reality, this is a file that allows Windows to use Java. If you erase it, you won't be able to use Java.

Making matters more complicated, JDBGMGR.EXE is a file that is sometimes sent out in infected form by the MAGISTR virus, meaning that you could find it as an attachment in an e-mail. The result is even more complicated; in one case, you don't want to erase the file (when it's on your hard disk) but in another case, you do (when it's in an e-mail). You can imagine how much fun the support desk is having with that one.

In some ways, JDBGMGR.EXE is similar to the granddaddy of virus hoaxes--the "Goodtimes" virus of seven years ago. If activated, this virus was supposed to execute code that would cause your CPU to overheat and fail. Aside from the fact that you can't do that with software (at least not the way the e-mail described it) there was simply nothing to it. But for months, thousands of people were searching for anything named "Goodtimes."

That hoax was complicated by two things. In those days, Microsoft shipped a music video on the Windows CD called "Goodtimes." So people were freaking out when they found what they thought was a virus on their operating system CD where it couldn't be erased. Then, a few months later, somebody actually did release a virus called "Goodtimes." By then, most people had learned that Goodtimes wasn't a virus. So they didn't treat it as one. Imagine the consternation.

The answer to the chaos caused by these hoaxes isn't all that easy, but you should start by making sure your employees know that such things exist. Maybe that will help them learn not to believe everything they read in e-mail. The next thing you should do is appoint someone to be the hoax point of contact. Then, when people receive warnings, real or imagined, about viruses, you have someone who can actually investigate and tell whether it's real. Remember, if a hoax requires as much resources as fixing a virus does, there's not much practical difference. It might as well be a real virus.