[Promotum] Virus/urban legend warning tips

Edmund A. Hintz ed@hintz.org
Wed, 3 Oct 2001 13:12:21 -0700 

Howdy all,

	Many of you are no doubt familiar with the form of interent noise
masquerading as Terribly Important Virus Warnings. In IT we often get
several of them per week, generally with a note at the top saying
something like "I don't know if this is true or not, so I figured I'd send
it to you". Allow me to pass on a few tips which may help you to ascertain
the legitimacy of these messages. 
	
	By and large, any message which implores you to forward it to everyone
you know, should set off alarm bells in your mind. I can't recall the last
time I received such a message that was legitimate, they are pretty much
always a hoax. And I've been on the net using email since 1991, so there's
plenty of history there... "How can I tell the difference", you might ask.
Well, here's a very simple technique which you can use to identify nearly
all of them in about 10 seconds: Lets say you get a mail saying that
there's a new virus out which will leave smelly socks on your coffee table
and drink the last beer in your 'fridge, just by opening a message with
the subject "I Love your Llama". To find out in 10 seconds or less if this
really will leave smelly socks on the coffee table and drink all your
beer(a very serious consequence, I admit), open your web browser and
proceed to your favorite search engine. Mine is http://www.google.com, but
any search engine will do. Since this hypothetical example uses "I Love
your Llama" as a subject, you would search for this text. In the event of
it being a hoax, you will see page after page of links with titles like "I
Love your Llama - virus Hoax". By and large, it will take you less time to
debunk the hoax than it will to send a note to everyone you know and type
the disclaimer ("I don't know if it's real, but I thought I'd send it 
anyway"). As a practical  example of this, here is the google search 
result
page for "an internet flower for you", a well known hoax:

http://www.google.com/search?q=an+internet+flower+for+you

Note the considerable number of links containing the word "hoax". This is
a very good sign that this can be safely deleted rather than forwarded to
everyone you've ever met, along with your congressional representatives
and the email address for the local newspaper.

	On a more global scale, things to watch for in supposed virus warnings
are: 

>Forward me to everyone! 
Trying to spread the hoax.

>This was just discovered ten minutes ago!
Trying to instill a sense of urgency: they want you to think it's Very
Important so that you will quickly forward it instead of thinking about it
or using your search engine. Don't let them do the thinking for you.

>The Liberian Department of Defense says this is the worstest ever!
Using some supposed authority to lend credence to the claim. If the
message doesn't come with a link to the Liberian Department of Defense
website (or Microsoft, or Symantec, or whomever is supposedly making the
claim), it's likely bogus. Time to apply the search engine rule.

>LOTS OF CAPITOL LETTERS!!!! LOTS OF EXCLAMATION POINTS!!!!
Real virus warnings are short on hype and long on details. Hoaxes are
short on details and long on hype. Real virus warnings also tend to come
with links to authoritative websites such as Symantec and McAfee.

	Should you get a message which manages to pass all of the above tests
(won't happen very often, I assure you), feel free to forward them to
your local IT desk or your local tech support guru for verification. 
I would recommend against forwarding them anywhere else until you've 
positively verified their accuracy. It's like the old adage about 
teaching 
a pig to sing: it wastes your time and it annoys the pig...

	Feel free to forward this message to anyone you want: consider it a
public service announcement...



Peace,

Edmund A. Hintz              **|**     "You may say I'm a dreamer,
Mac Techie, Unix Geek,      *  |  *      But I'm not the only one...
Mac/Unix Consultant        *  /|\  *     I hope someday you'll join us,
<ed@hintz.org>              */ | \*      And the world will live as one.
'78 Westy                    *****      Imagine."
                     http://www.hintz.org