Virus Warning! (Generic Reply to a Forwarded Hoax)

by Jerry Stern
Computer Tech and Webmaster at PC410.com

  

Dear Friend–

I’ve received your latest forwarded message about the virus that is going to destroy the internet as we know it if we open that email with the urgent-sounding title. Please don’t forward these to anyone–they create FUD. That’s Fear, Uncertainty, and Doubt. They do nothing positive.

The message was, to begin with, old. When it was new, it had a few almost-true near-facts in it, like the name of a real email subject line. Everything beyond that was like listening to technology news on my local television news stations–it’s last week’s news, or last year’s news, with the important parts left out.

What you need to remember about forwarded messages that arrive in your mailbox is that they’ve generally been out and about, being forwarded, for years. Decades, even–I’ve received forwarded jokes and cartoons that also showed up on my desk by fax in the 1990s, and by interoffice photocopy-of-a-photocopy in the 1980s. Forwarded emails are old, old, old.

And security news is meaningless after five days. All good antivirus software blocks every known threat that’s more than three days old. The bad guys know this, and they change their approaches to getting your system infected constantly, sometimes twice a day on some of the big families of rogue malware. Now, while there are bad emails going around that will infect your computer if you haven’t patched it, or that contain evil infectious links, the bad guys change the subject lines daily to keep their messages from being caught by spam filters, so trying to block them by not opening an email with a specific subject line isn’t remotely practical or safe.

So by forwarding this old message, you’re scaring people, and encouraging them to get their security news by watching for it to fall into their mailboxes from the sky. There are valid sources of security news, and forwarded email isn’t on the list.

Several points to keep in mind–every one of these tells you this is either a hoax or badly reported ancient history:

  • Microsoft and Norton don’t need your help to report news. For that matter, neither do CNN, Neiman Marcus, or Homeland Security.
  • The message is undated.
  • It asks you to forward the message.
  • It claims knowledge from a credible source, but it’s a generic source that can’t be reached, like ‘Microsoft’ or ‘NBC’.
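The tells above are structural, so they can be checked without knowing any particular subject line. The sketch below is an added example, not part of the original letter; the sample message is constructed, and the phrase patterns and the authority list (taken from the names mentioned above) are assumptions of this example.

```python
import re

# Constructed sample, written for this example; not a real circulating message.
SAMPLE = """\
VIRUS WARNING!!! Microsoft and Norton announced yesterday that this is
the worst virus ever. It will destroy your hard drive if you open the email.
Please forward this to everyone in your address book!
"""

# Generic, unreachable "sources" named in the list above.
AUTHORITIES = ("microsoft", "norton", "cnn", "nbc",
               "neiman marcus", "homeland security")

# A request to pass the message on, kept within a single sentence.
FORWARD_RE = re.compile(
    r"\b(forward|send|pass)\s+this\b[^.!?]*"
    r"\b(everyone|everybody|friends|contacts|address book)\b", re.I)
# An absolute date: a four-digit year or a numeric d/m/y form.
# Relative words such as "yesterday" do not count as a date.
DATE_RE = re.compile(r"\b(19|20)\d{2}\b|\b\d{1,2}[/-]\d{1,2}[/-]\d{2,4}\b")
LINK_RE = re.compile(r"https?://\S+", re.I)


def hoax_tells(body):
    """Return the tells from the list above that appear in a message body."""
    tells = []
    lowered = body.lower()
    if not DATE_RE.search(body):
        tells.append("undated")
    if FORWARD_RE.search(body):
        tells.append("asks to be forwarded")
    named = [a for a in AUTHORITIES if a in lowered]
    # A big name with nothing to follow up on is the "generic source" tell.
    if named and not LINK_RE.search(body):
        tells.append("generic source, nothing to check: " + ", ".join(named))
    return tells


if __name__ == "__main__":
    for tell in hoax_tells(SAMPLE):
        print("-", tell)
```
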

The best thing to do with these forwarded messages is to delete them. Don’t spread the FUD.

The REAL Microsoft security news is here:
http://technet.microsoft.com/en-us/security/default.aspx

The REAL security news from the US Department of Homeland Security is here:
http://www.us-cert.gov

And here’s an article by Rob Rosenberger on ‘False Authority Syndrome’, to help you recognize hoax emails:
http://vmyths.com/fas/

Mailbag: 500 Hard Drives, Yeah, sure…

From today’s mail, sanitized just enough to protect the companies whose names or contact data are being abused:

Hello, We want to place an order for 500 units new Western Digital Caviar Blue 500GB SATA/600 (WD5000AAKX) 7200RPM 16MB Hard Drive (OEM).
Do get back to us with your price quote which should include FedEx next day A.M shipping to our I.T location in Deerfield Beach, FL ____.
Method of Payment would be net 10 terms. We look forward to your immediate response.
Thanks,
Kevin Douglas
Puchase Manager
The Twister Group
________
Glenview, IL 60025
Phone: 855-_________ext 374 Fax: 877._______
Email: _______

Yeah, right. 500 hard drives, net 10 terms, shipped to Florida by early-day overnight delivery–hot rush, but billed to Illinois on credit terms to an unknown company, when your web site looks like this:

[Screenshot: Twister Group web site]

The fax number provided goes to a real electronics distributor in Indiana, no relation.

So I’m just wondering… Are there companies stupid enough to ship this order?

For anyone selling computer hardware on the internet, expect orders for hardware to fall from the ‘net, and expect them to be fake. I had one last year that needed 6 notebook computers and 3 network routers with VPN support, drop-shipped to Florida, with a credit-card billing address in Georgia, and would you please bill it to these three credit cards in equal amounts? What? The numbers are consecutive? Really?

I called the bank on that one, after looking up the first 4 digits of the card numbers to identify them, and had a chat with their fraud department. They told me, short version, “Unbelievable. Impossible. Felons.” Words to that effect.

Fraud on the Internet goes both ways. It’s not just shady Internet vendors–every possible opportunity to have a transaction is being attacked.
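The red flags in the notebook-and-router order can be checked before anyone calls the bank. This is an added example, not code from the original post: the order fields are hypothetical and the card numbers are constructed test values. It also shows why "consecutive" is damning by itself: the last digit of a card number is a Luhn check digit, so two numbers that differ only in that digit cannot both be valid.

```python
def luhn_valid(number):
    """True if the digit string passes the Luhn check used on card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return len(digits) >= 12 and total % 10 == 0


def order_red_flags(order):
    """Return the warning signs from the story that apply to this order."""
    flags = []
    cards = [c.replace(" ", "") for c in order["cards"]]
    if len(cards) > 1:
        flags.append("payment split across %d cards" % len(cards))
    nums = sorted(int(c) for c in cards)
    if len(nums) > 1 and all(b - a == 1 for a, b in zip(nums, nums[1:])):
        flags.append("card numbers are consecutive")
    bad = [c for c in cards if not luhn_valid(c)]
    if bad:
        flags.append("%d card number(s) fail the Luhn check" % len(bad))
    if order["ship_state"] != order["bill_state"]:
        flags.append("ship-to state differs from billing state")
    return flags


# Constructed order modelled on the one described above (hypothetical fields;
# 4111111111111111 is a widely published test number, not a real account).
SUSPECT_ORDER = {
    "cards": ["4111111111111111", "4111111111111112", "4111111111111113"],
    "ship_state": "FL",
    "bill_state": "GA",
}

if __name__ == "__main__":
    for flag in order_red_flags(SUSPECT_ORDER):
        print("-", flag)
```
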

Windows Update Broke My Computer… not!

Yesterday was Patch Tuesday. That’s the monthly release date for Microsoft to push out patches for Windows; it’s always on the second Tuesday of the month. Today, I’m getting phone calls about computers being down.

First call: “When I looked at the computer this morning, the screen said it was shutting down. It just sat there, so I rebooted. Nothing. Blank.”

My questions: Does that computer run all the time? (Yes, it backs up at night to an external drive.)

So it hasn’t rebooted in a while? (I guess.)

“OK, unplug the external hard drive and any other USB storage devices, and reboot.” That fixed it.

Why? Because PCs of a certain age, circa 2003-2006, frequently dislike booting with a USB storage device plugged in. The machine is never turned off, until Windows Update comes along and forces a reboot.

Second call: “I thought I broke it. It was just sitting there with a spinning message forever. I let it run and it eventually shut down. My husband says I broke it again. You repaired it last week!”

Answer: LOTS of big patches last night. Slow shutdown was normal; patches were installing.

Hey, Microsoft! Automatic patching is clearly doing more good than evil, BUT clear communications would really help. Like “Your monthly security patches from Microsoft are installing right now. These happen on a regular schedule. Learn more at: (simple link that can be remembered for later)” NOT “Your computer is shutting down” or “Installing… Do not turn off your computer…” Clear messages that say that you’re working to improve their security are better than techie messages that say their systems are going DOWN. 🙁

Don’t scare your customers. That’s the job of the bad guys.