
RE: Urban Legends



On Sun, 24 Aug 1997, Karl Trappe wrote:

Are there any general guidelines as to when it's worth worrying about,
and what kind of action on the recipient's part can lead to a virus being
capable of working?

From CIAC Virus Hoaxes, http://mwir.lanl.gov:8080/virus/Virus_Hoaxes.html

How to Identify a Hoax

There are several methods to identify virus hoaxes, but first consider
what makes a successful hoax on the Internet. There are two known
factors that make a successful virus hoax, they are: (1) technical
sounding language, and (2) credibility by association. If the warning
uses the proper technical jargon, most individuals, including
technologically savvy individuals, tend to believe the warning is real.
For example, the Good Times hoax says that "...if the program is not
stopped, the computer's processor will be placed in an nth-complexity
infinite binary loop which can severely damage the processor...". The
first time you read this, it sounds like it might be something real.
With a little research, you find that there is no such thing as an
nth-complexity infinite binary loop and that processors are designed
to run loops for weeks at a time without damage.

When we say credibility by association we are referring to who sent
the warning. If the janitor at a large technological organization
sends a warning to someone outside of that organization, people on the
outside tend to believe the warning because the company should know
about those things. Even though the person sending the warning may not
have a clue what he is talking about, the prestige of the company
backs the warning, making it appear real. If a manager at the company
sends the warning, the message is doubly backed by the company's and
the manager's reputations.

Individuals should also be especially alert if the warning urges you
to pass it on to your friends. This should raise a red flag that the
warning may be a hoax. Another flag to watch for is when the warning
indicates that it is a Federal Communication Commission (FCC) warning.
According to the FCC, they have not and never will disseminate
warnings on viruses. It is not part of their job.

CIAC recommends that you DO NOT circulate virus warnings without first
checking with an authoritative source. Authoritative sources are your
computer system security administrator or a computer incident advisory
team. Real warnings about viruses and other network problems are
issued by different response teams (CIAC, CERT, ASSIST, NASIRC, etc.)
and are digitally signed by the sending team using PGP. If you
download a warning from a team's web site or validate the PGP
signature, you can usually be assured that the warning is real.
Warnings without the name of the person sending the original notice,
or warnings with names, addresses and phone numbers that do not
actually exist are probably hoaxes.

What to Do When You Receive a Warning

Upon receiving a warning, you should examine its PGP signature to see
that it is from a real response team or antivirus organization. To do
so, you will need a copy of the PGP software and the public signature
of the team that sent the message. The CIAC signature is available
from the CIAC web server at:

http://ciac.llnl.gov

If there is no PGP signature, see if the warning includes the name of
the person submitting the original warning. Contact that person to see
if he/she really wrote the warning and if he/she really touched the
virus. If he/she is passing on a rumor or if the address of the person
does not exist or if there are any questions about the authenticity of
the warning, do not circulate it to others. Instead, send the warning
to your computer security manager or incident response team and let
them validate it. When in doubt, do not send it out to the world. Your
computer security managers and the incident response teams have
experts who try to stay current on viruses and their warnings. In
addition, most anti-virus companies have a web page containing
information about most known viruses and hoaxes. You can also call or
check the web site of the company that produces the product that is
supposed to contain the virus. Checking the PKWARE site for the
current releases of PKZip would stop the circulation of the warning
about PKZ300 since there is no released version 3 of PKZip. Another
useful web site is the "Computer Virus Myths home page"
(http://www.kumite.com/myths/) which contains descriptions of several
known hoaxes. In most cases, common sense would eliminate Internet
hoaxes.
______________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence
Livermore National Laboratory in Livermore, California. CIAC is
also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster
cooperation and coordination among computer security teams
worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH.
CIAC can be contacted at:

Voice: +1 510-422-8193

FAX: +1 510-423-8002

STU-III: +1 510-423-2604

E-mail: ciac@llnl.gov

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness,
or usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its
endorsement, recommendation or favoring by the United States
Government or the University of California. The views and opinions
of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of
California, and shall not be used for advertising or product
endorsement purposes.
_________________________________________________________________

Los Alamos National Laboratory
Operated by the University of California for the U.S. Department of
Energy

......................uuuu / oo \ uuuu........,.............................
William Beaty voice:206-781-3320 bbs:206-789-0775 cserv:71241,3623
EE/Programmer/Science exhibit designer http://www.eskimo.com/~billb/
Seattle, WA 98117 billb@eskimo.com SCIENCE HOBBYIST web page
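
The triage steps in the CIAC text quoted above, sketched in Python as an added example that is not part of the original message or of CIAC's material. The phrase lists, flag names and sample messages are assumptions constructed for illustration; finding PGP armor only routes the message to real signature verification against the team's public key, it does not authenticate anything.

```python
import re

# Phrase lists are assumptions; the three checks are the ones the CIAC text names.
FORWARD_RE = re.compile(
    r"\b(pass (this|it) (on|along)|forward (this|it) to|send (this|it) to (all|everyone))",
    re.I)
FCC_RE = re.compile(r"\b(FCC|Federal Communications? Commission)\b", re.I)
ARMOR = ("-----BEGIN PGP SIGNED MESSAGE-----",
         "-----BEGIN PGP SIGNATURE-----",
         "-----END PGP SIGNATURE-----")

def has_clearsign_armor(text):
    """True if the three clearsign armor lines appear, each alone on a line, in order."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    pos = -1
    try:
        for marker in ARMOR:
            pos = lines.index(marker, pos + 1)
    except ValueError:
        return False
    return True

def triage(text):
    """Return (flags, next_step) for one warning message."""
    flags = []
    if FORWARD_RE.search(text):
        flags.append("urges-forwarding")
    if FCC_RE.search(text):
        flags.append("claims-fcc-source")
    if has_clearsign_armor(text):
        # Armor can be pasted by anyone; only a PGP check against the
        # team's public key says who signed it.
        flags.append("signature-unverified")
        return flags, "verify-with-pgp"
    flags.append("no-pgp-signature")
    return flags, "escalate-do-not-forward"

# Constructed samples (the quoted phrase is the Good Times wording cited above).
HOAX = """The FCC released a warning last Wednesday. If the program is not
stopped, the computer's processor will be placed in an nth-complexity
infinite binary loop. Please pass this on to all your friends."""
SIGNED = "\n".join([ARMOR[0], "", "Constructed advisory body.", "",
                    ARMOR[1], "", "constructed-placeholder-not-a-signature", ARMOR[2]])

if __name__ == "__main__":
    for name, msg in (("hoax", HOAX), ("signed", SIGNED), ("pasted", HOAX + "\n" + SIGNED)):
        print(name, *triage(msg))
```

The third case, a hoax with an armor block pasted underneath, still comes back as `signature-unverified`, which is why the next step is the PGP check itself and not a look at the text.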