Skip the preaching and show me the resources…
Any time a relatively large number of people gathers in one place, a particularly vile sort of vermin appears to feed off the less fortunate. It happened in ancient times, it happened in the old West (snake oil, etc), and it is happening in cyber-space today. Whether their motives are for profit, for destruction, or just plain for fun, the Internet seems to have attracted a high-tech breed of tricksters who take advantage of the large numbers of computer neophytes logging onto the net every day.
The threat comes in the form of a pyramid-like replication of messages which can generate a very large amount of network traffic in a very small amount of time. The problem is amplified by the ease with which the average computer user can forward a message to hundreds of other users. Sometimes the message in question is a typical ‘get rich quick’ scheme and some take the form of seeming ‘good deeds’ or urgent warnings. The one thing that they all share in common is that forwarding one of these messages to hundreds of your friends nearly always does more harm than good. And, in the end, it’s you and I who pay to ship this tripe all over the world.
Such messages are known to computer-savvy users as ‘spam’ – so named because of the Monty Python skit (or so the urban legend goes) where the Vikings ended up chanting their spam song so loudly that nobody could carry on any other communication in their presence. That alone should give you some idea of the nature of the problem (and, I suppose, the IQ of those who would originate one of these useless chains).
One of the most incidious forms of spam is the bogus virus warning. This kind of message preys on new users who are not quite sure exactly what goes on ‘under the hood’ of their new 900Mhz Turbo-wonder. With all the media hype going around about computer hacking and virus infections, it’s no wonder users are concerned.
However, rest assured, there is no way you can be infected by a virus simply by reading your e-mail (see below). The ‘virus’ in many cases, is not the kind which affects computers but rather one which actually infects the users themselves.
I pulled this gem off of the Good Times Virus Hoax FAQ:
When someone on alt.folklore.urban asked if the [Good Times] virus was for real, Clay Shirky answered:
“Its for real. Its an opportunistic self-replicating email virus which tricks its host into replicating it, sometimes adding as many as 200,000 copies at a go. It works by finding hosts with defective parsing apparatus which prevents them from understanding that a piece of email which says there is an email virus and then asking them to remail the message to all their friends is the virus itself.”
The only ‘virus’ involved is the infection of the minds of less experienced computer users with scary hype that causes them to pass on the dire warnings to all their friends. The only effective treatment for this kind of infection is education. Those of us who have learned our lesson must endevor to pass on the correct information whenever we can.
Even when the premise of the story is rooted in truth, these chain-mails often continue to be passed on long after they have served their purpose (like the ‘Modem Tax’ scare), resulting in added nuissance traffic on the net. In some cases (as with the Make-A-Wish e-mail campaign), the added e-mail traffic can actually impede the work of groups organized to help others. A more recent example is the per-minute charge on ISPs which the phone companies had asked the FCC to approve. As it turns out, the FCC had already rejected the request by the phone companies but the massive flood of angry letters helped convince them that the Internet really is becoming the clueless wasteland that some regulation-happy conservatives would have folks believe.
The Internet has made it easier than ever for anyone to make information available to a wide audience. The trouble is, not all of what is published is factual. Just because you read something on your computer screen does not make is so. We all need to learn to engage the brain before putting the fingers in gear. The resources below will help educate you or anyone else you know of who is guilty of passing on ‘spam’. Before long you will find yourself able to ‘smell’ a spam message when it happens and avoid becoming the bane of your cyber-friends.
The general rule should be: If a message asks you to ‘pass this along to all your friends’ – don’t! At least not until you have checked the sources quoted in the message and verified the story for yourself. No quoted sources, you say… Then check it out for yourself – it’s most likely fake. Too much trouble to go through… easier just to press the (F)orward key… if so, just move your little finger over to the left a bit and there you will find (D)elete. Give it a try – countless Internet users will be glad you did!
As a postscript to all this, I would like to share an interesting essay I received on the 15th of October 1999. The message becan with the following note: “I’d be honored if you’d place a copy of this little article I wrote on your anti-spam page. I’ve placed it in the public domain, so you are welcome to fold, spindle, mutilate, steal, staple, fondle, or otherwise abuse the following text. I’m tempted to send it to all my friends (with a plea to send it to all their friends), but that would be kind of hypocritical”. Thanks, Venicia. Sometimes I wonder how many people would miss the point and send it to all their friends anyway.
Reference Links
- Don't Spread that Hoax!
- Global Online's Net Virus Hoaxes
- The Computer Virus Myths page
- The Urban Legends Archive
- Fight Spam on the Internet!
- Randy Cassingham's excellent rant on Getting Rid of 'Spam'
- The Netizen's Guide to Spam, Abuse, and Internet Adverising
- The official alt.spam FAQ can help you track down the source of unwanted e-mail.
- The Computer Incident Advisory Capability of the U.S. Department of Energy
- Data Fellows has a searchable virus database
- The Hitchhikers Web Guide AntiVirus Resource Page
- Dr. Solomon may have the cure for your virus (and a pretty good list of hoaxes as well).
- The Good Times Virus hoax
- The Jessica Mydek (little girl dying of cancer) chain letter hoax
- The Phone companies attempt to charge per-minute rates for Internet access
- The NaughtyRobot hoax
- Another (and funnier) NaughtyRobot hoax page
- The Internet Explorer Security Bug or the MSIE Home Page
- The Whole-Web Spoofing Attack
- An excellent parody of computer crime and paranoia
- People Against Under Construction Images
- The Electronic Frontier Foundation
- The Electronic Privacy Information Center
- The National Fraud Information Center
If you know of any other references which debunk these kinds of e-mail hoaxes, please send me the details and/or URL and I will add a link to that page. Together we can get the word out and stop this kind of time and bandwidth wasting boloney. </soapbox>
On Safe Computing
There is a lot of hogwash floating around concerning just how viruses get onto your computer in the first place. In my missive above, I stated that you cannot get a computer virus by simply reading your e-mail. This was true then and, technically, it’s also true now. In order for a virus to infect a computer, the computer must execute some tainted code. Reading data files simply won’t do the trick. However, in these modern days of fancy automated software, it is possible for you to run a tainted program without even knowing it. The result is that is seems that reading a simple e-mail message triggered the virus. But, in fact, it was your own software that gladly accepted the virus.
What can you do to protect yourself? Most modern browsers and e-mail packages contain security settings that allow you to choose what to accept and when. If your mailer is set to automatically execute any programs received as attachments, you’re asking for trouble. In fact, I suggest you routinely discard any executable programs you receive in an e-mail attachment, even from someone you know. Eventually everyone will realize that if they want you to see some funny graphic, they’d better not send it in an executable form. The self-unpacking archive was a good idea in its time but these days everyone owns some kind of utility for unpacking archive files so it’s simply not worth the risk.
Another culprit is the macro processor build into some of the more modern word processors. Microsoft Word used to be a prime target for virus writers because you could embed executable code into any document and the user, just by opening the document, would be succeptable to all sorts of havoc. But these days, any program that automatically runs macros should have an option to request a confirmation before auto-running any macros. If yours doesn’t have such an option, get a version that does. And set it to always warn you and don’t ever allow the macro to run unless you know what it’s intending to do (heck, even if the macro doesn’t have an intentional virus you still should never trust the programming skill of anyone who uses a word processor macro language to write software).
The bottom line is that it’s still impossible to become infected with a virus simply by opening a data file – but you have to know how to set up your software so that it opens the file and does nothing more. And doing that is getting easier all the time.