The real cost of hoaxes

By Ian Melamed
Johannesburg, 28 Nov 2000

The whole topic of hoax viruses has raised its silly little head again. People who really should know better - often highly respected IT-literate people - are being taken in by the latest wave of hoaxes, which are being made to look increasingly realistic.

These hoax warnings muddy the water regarding the real issue: the ongoing lack of attention to information security and the substantial damage that real viruses wreak.

Ian Melamed, Chief Technology Officer, SatelliteSafe

Just to summarise, hoax viruses are sent out to achieve exactly the same effect as real viruses: to take control of your e-mail address book and get themselves sent to all and sundry.

Of course, it's not just hoax viruses that are sent out in this manner; it's also pleas for donations for a little girl who needs a kidney, a case of Coke for every 1 000 people you send the e-mail on to, impassioned cries for support for the Chinese Bears and the Tuli Elephants, and a promise that Bill Gates will send you $5 every time you forward the e-mail.

I was sent a delightful note that summarises the cost and risk associated with hoaxes, so I thought I'd share it with you.

"If everyone on the Internet were to receive one hoax message and spend a minute reading and discarding it, the cost would be: 50 million people x 1/60 hour x R300/hour = R240 million.

"Most people have seen far more than one hoax message and many people cost a business far more than R300 an hour when you add in benefits and overhead. The result is not a small number.

"Probably the biggest risk for hoax messages is their ability to multiply. Most people send on the hoax messages to everyone in their address books but consider if they only sent them on to 10 people. The first person (the first generation) sends it to 10, each member of that group of 10 (the second generation) sends it to 10 others or 100 messages and so on.

"By the sixth generation there are a million e-mail messages being processed by mail servers. The capacity to handle these messages must be paid for by users. This example only forwards the message to 10 people at each generation while people who forward real hoax messages often send them to many times that number.

"Recently, we have been hearing of spammers (bulk mailers of unsolicited mail) harvesting e-mail addresses from hoaxes and chain letters. After a few generations, many of these letters contain hundreds of good addresses, which is what the spammers want. We have also heard rumours that spammers are deliberately starting hoaxes and chain letters to gather e-mail addresses."

* In case you receive hoax notices of viruses and are a little uncertain if they're real or not, this list is definitive, as declared by Sophos on 17 November:

  • Big Brother: Claims there are certain pornographic photos on the Web which will infect your computer with a virus if you open them.
  • Perrin.exe: Claimed to destroy your computer. Arrives in the form of a warning telling people not to open e-mail that reads "upgrade internet2".

* Others, a little longer in the tooth, but still in circulation, are:

  • AIDS
  • Win a Holiday
  • IBM Giveaway
  • Girl Thing
  • Good Times
  • Death Ray
  • Mobile Phone Virus
  • The Phantom Menace
  • Naughty Robot
  • How to Give a Cat a Colonic
  • The Sandman

They have a number of commonalities:

  • They warn of non-existent danger which will infect and perhaps destroy your computer.
  • They claim there is no cure.
  • They invoke the name of companies such as Microsoft or CNN to add validity to their claims.
  • They implore you to transmit the message to everyone you know to get the word out as fast as possible.

All I can add is that these hoax warnings muddy the water regarding the real issue: the ongoing lack of attention to information security and the substantial damage that real viruses wreak. If in any doubt as to the validity of an e-mail warning, please feel free to drop me a line on ian@satellitesafe.com.

* With that off my chest, here's some great news and a real breakthrough in improving PC security. It's a network authentication card from ComSense Technologies which interfaces to PCs without a reader. It makes use of ultrasound to communicate with the PC through the computer's microphone. A 30kb application authenticates you, and you're up and running. This is a simple but elegant idea, which can make a contribution to the ongoing information security battle.