November 1999

Is It a Real Virus or a Hoax?

Remember the commercial that asked "Is it Memorex or is it live"? Well — with a little twist — is it a real virus or a hoax?

There are real viruses (and other forms of malicious programming) and there are hoaxes and chain letters. Hoaxes and chain letters are designed to clog the network. All hoaxes are chain letters, but not all chain letters are hoaxes.

Hoaxes

According to the Internet Hoaxes page of the US Department of Energy, Computer Incident Advisory Capability (CIAC) Web site, there are several methods to identify hoaxes:

1) technical sounding language that is bogus
A virus-like program cannot spread by reading an e-mail message. While an infected program could be attached to an e-mail message, the e-mail message itself cannot contain one in any form that could be executed. You should never double-click (or launch) any file, regardless of who the file is from, until you first scan that file with your antivirus program. This is especially true, if someone unexpectedly sends you an executable file (ends in .exe). Also, make sure that Macro Virus Protection in Microsoft Word is turned on.

2) credibility by association
For example, if the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real.

3) the admonishment to "distribute this notice to as many people as possible (or to your friends)"

Chain letters

Chain letters all have a similar pattern. From the older printed letters to the newer electronic kind, they all have three recognizable parts:

A hook: to catch your interest and get you to read the rest of the message. These tie into our fear for the survival of our computers or into our sympathy for some poor unfortunate person.
A threat: warn you about the terrible things that will happen if you do not maintain the chain. However, others play on greed or sympathy to get you to pass the message on.
A request: the electronic ones simply admonish you to "Distribute this letter to as many people as possible."

Chain letters usually do not have the name and contact information of the original sender so it is impossible to check on its authenticity. Legitimate warnings and solicitations will always have complete contact information from the person sending the message and will often be signed with a cryptographic signature, such as PGP, to assure its authenticity.

What should you do?

If you receive an e-mail message warning of a virus or that is a chain letter, either delete it or send it on to your unit computer support person. We routinely work with computer support people to send them notices about real viruses and hoaxes. Do not forward the message to your friends and relatives because you will be clogging up the network. In addition, you lend your and your organization's reputation to the message, making it appear to be authentic even when that is not the case.

If you would like more information on viruses, hoaxes, myths, etc., check out the resources for this article:

US Department of Energy, Computer Incident Advisory Capability (CIAC), Internet Hoaxes page
Computer Virus Myths Web site

~ Pamela Peters

[ Return to CIT Information newsletter Index ]

CIT Information is published by Communications and Information Technology - Computing section, Institute of Agriculture and Natural Resources, University of Nebraska-Lincoln. Newsletter articles may be copied and distributed for nonprofit, educational purposes only and the source must be acknowledged. Direct all correspondence to the editor, Pamela K. Peters (E-mail: pkpeters@unlnotes.unl.edu; Phone: 402/472-5630; FAX: 402/472-5639).

The University of Nebraska-Lincoln is an affirmative action - equal opportunity employer.