E-mail Hoaxes

If you have e-mail, you've gotten them...the letters warning that your kidney will be stolen, that gangs are hoping you'll blink your lights at them so they can kill you, or that Bill Gates is just dying to send you to Disneyworld, if you'll just forward a few e-mails. You've also received countless virus warnings; some are real and some are not. Welcome to the world of hoaxes and urban legends.

We've all been guilty of forwarding bogus information to family and friends, thinking we were doing them a favor by warning them of the danger. Unfortunately, all we accomplished was forwarding false information. You may have gotten an angry response from one of the people on your list who finds such e-mails an annoyance.

The most annoying are the ones that say all you have to do is forward this e-mail and you'll receive some fabulous reward. Know this - no one is ever going to give you something for nothing - especially for just forwarding an e-mail. Some of the promises made if you forward an e-mail to your friends have been silly: a dancing dog will miraculously appear on your screen...world famous fashion stores giving you free gift certificates...a music club will give you free CDs...free cars, computers and trips to Disneyland. Folks...it won't happen. No one is going to give you something valuable for simply sending an e-mail to your friends.

The question is, how do you know if an e-mail containing doom and gloom information is real or phoney? The false warnings often contain two elements that can fool even savvy computer users: 1) technical jargon, and 2) titles that give credibility (someone employed by a company who ought to know about these things...).

Here are some tips that will help you determine whether the source is legitimate. If you follow these guidelines, you'll be able to determine whether the e-mail is worth your time and attention.

Two huge clues that the e-mail is bogus - multiple forwards before you get it, and the insistence that you pass it on to all of your friends! These things are chain letters, and the fun for the author is to see how many people pass it on. These clues don't automatically mean the e-mail is a fraud. Legitimate e-mails may encourage you to tell friends, so this alone isn't enough, and from time to time we all forward a worthy e-mail.

There are other things to look for, like vague attribution. Who is the source of the information you're receiving? Hoaxes and urban legends usually attribute the information they're passing on to "authorities who say..." or "studies which show..." What authorities, and where are they from? Even if there is a name and e-mail address at the end of the message, that doesn't mean it's legitimate. Send an e-mail to the "expert" and confirm that the information is correct before you forward the e-mail. It takes just a second to send a quick note asking if the information you have is valid.

If the e-mail uses statistics or information from official sounding studies, legitimate sources will tell you the full name of the study, who conducted it, and where you can see the results of the study for yourself. The absence of sources is a red flag that the e-mail is a hoax.

Also, LOOK for the OVERUSE of CAPITAL LETTERS and lots of exclamation points!!!!!! E-mail chain letters are filled with cliches referring to scary notes, gangs, guests on Oprah, as well as the vague sources and studies discussed earlier. When in doubt - don't forward the message.

As far as viruses are concerned...the only way that you can get a virus from e-mail is by opening an executable file (.exe) that is infected with a virus. If you are unsure what the executable file is - some real viruses automatically send themselves to everyone in an infected system's address book - delete it immediately or save it WITHOUT opening it and run a virus scan on it.
This will work only if your anti-virus software is up to date. To be safe, if you weren't expecting the executable file - delete it. If you feel uneasy about that, after deleting it, send an e-mail message to whoever sent it to you, telling them what you did and why. If it's important, they can resend it.

Below are sources for the latest updates on viruses, real and hoaxes.

U.S. Dept. of Energy Hoax/Legends Page
Symantec Anti-Virus Research Center
McAfee Associates Virus Hoax List
Dr. Solomons Hoax Page
The Urban Legends Web Site
Urban Legends Reference Pages
Datafellows Hoax Warnings

Real Viruses and Worms

[Reprinted with permission from Scambusters.org]

Most of the urgent emails you get about "deadly viruses" are usually just hoaxes. But there are a few real ones out there. Watch out for...

IRC/Stages.worm (Windows)

An Internet worm that began spreading rapidly on 6/19. The worm uses Microsoft Outlook to send copies of itself to all entries in the address book and through installations of Pirch, ICQ and mIRC.* It also spreads to all available mapped drives on your system. This worm will arrive in an email message with this format:

Subject: "Funny", "Jokes", or "Life Stages", sometimes followed by "Text"
Content: "The male and female stages of life"
Attachment: "LIFE_STAGES.TXT.SHS" (the suffix ".SHS" may be hidden)

If the attachment is run, the user sees a list of jokes while the worm infects the system and attempts to send copies of itself to all addresses in the Outlook address book, as well as through the other channels mentioned above.

* Pirch is an internet relay chat client for Microsoft Windows 95/98/NT, mIRC is a shareware IRC chat client for Windows and ICQ lets you initiate IRC style chat sessions -- it alerts you when your friends are online and lets you chat with them.

Read more at http://vil.nai.com/villib/dispvirus.asp?virus_k=98668

The Love Bug (Windows)

On May 3 businesses everywhere became infected with the "The Love Bug" worm (aka "Very Funny," "VBS/LoveLetter.A worm," "Mothers Day") through a variety of ways, including electronic mail, Windows file sharing, IRC, USENET news, and possibly via webpages. This worm attempts to send copies of itself through mIRC to the IRC channels and through Outlook to all address book entries. The most recent version involves an email with the subject of "Mother's Day Gift Confirmation" - see below.
VBS/LoveLetter.worm also attempts to download and install an executable file called WIN-BUGSFIX.EXE, a password stealing program that will email any cached passwords it finds to the mail address MAILME@SUPER.NET.PH. It will also delete any graphic files on your hard drive.

The email is recognizable by:

An attachment named "LOVE-LETTER-FOR-YOU.TXT.VBS"
A subject of "ILOVEYOU"
The body of the message reads "kindly check the attached LOVELETTER coming from me."

MOST RECENT VARIATION: Be extra alert because a new variation involves the subject of "Mothers Day Gift Confirmation" and the attachment is called "MOTHERSDAY.VBS." The message reads: "We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com."

Another variation involves the subject of "FWD: JOKE" and the attachment is called "VERY FUNNY.VBS"

Read more at http://vil.nai.com/villib/dispVirus.asp?virus_k=98617

Troj.Polygot, Count2K, Y2KCOUNT, Troj_Polyglot (Windows)

Antivirus experts are warning computer users not to open a Y2K countdown program that is sent in an email that claims to be from Microsoft. The e-mail was not sent by Microsoft, and the enclosed attachment is not a Y2K countdown program, but rather a Trojan virus. If users try to open the alleged program, the virus can install itself onto the user's computer and can take files from a user's system and send them across the Net. Users who simply open the email but do not try to load the "Y2Kcount.exe" program are in no danger from the virus. Users who attempt to install the program will see a message saying the Y2K counter was unable to install.

The email contains the following message:

To All Microsoft Users,
We are excited to announce Microsoft Year 2000 counter. Start the countdown now. Let us all get in the 21 Century.
Let us lead the way to tyhe future and we will get you there FASTER and SAFER.
Thank you,
Microsoft Corporation

See http://vil.nai.com/vil/tro10358.asp for more info and removal instructions.

W97M/Thus.a or Thursday (Word 97 users)

A recent virus, discovered on 8/26/99. Though it spreads through sharing of documents, and not by automatically emailing itself across networks, it has achieved a high rate of prevalence very quickly. The virus carries a potentially destructive payload that will attempt to delete all files on a user's C: drive on the trigger date of December 13th.

Users infected with the Thursday virus will see no obvious indications that a document has been infected. However, because the virus infects Word 97's normal.dot, the size of that file will increase from its normal 27K. In addition, the virus turns off Word 97's Macro Warning feature. If a "clean" document known to contain macros does not produce the regular warning, this may be an indication that the system is infected.

See Thursday Help Center for more info and removal instructions.

'A Flaw Worse than Melissa' (Windows 95 and 98)

A team of computer scientists has discovered a bug in tens of millions of Microsoft Windows computers that lets an attacker take control of a PC simply by sending an email message. If you use Internet Explorer or its viewer in any way, read this article and download the patch.

CIH or Chernobyl virus

This virus hit on April 26, 1999. Earlier versions have hit on the 26th of other months. The virus mainly affects the hard disk by erasing a vital portion of it, which makes access to the disk impossible, even if booted from a floppy. The virus also damages the FAT of the first partition (mainly the drive C). FAT stands for file allocation table, which stores a map of how the storage of the disk is utilized by different files. By damaging these vital portions the virus makes the operating system completely unaware of what's inside the hard disk.
The virus also damages the BIOS of some computers.

DataFellows and Symantec have some great info on detecting and removing the virus.

MRECOVER is a utility program that recovers data from hard disks damaged by the CIH virus. In some cases you will be able to do a 100% recovery (back to the state before the damage occurred). The program is available to download free of cost.

Melissa email virus

For a complete history and some remedies, check out the Web sites below - they have some great info.

http://www.zdnet.com/zdnn/special/melissavirus.html
http://www.wired.com/news/news/technology
http://news.bbc.co.uk/hi/english/sci/tech/newsid_

Here are two links for the info on the Melissa virus from two anti-virus software companies. If you don't currently use anti-virus software, we highly recommend you install an anti-virus program now - and check for updates each week.

Norton from Symantec
McAfee

Mac users will not be affected by Melissa, but they should still use virus protection software:

Virex
Norton AntiVirus for Macintosh

Happy99.exe - Email "Worm" Warning (For Windows users)

If you receive an email with an attached file named "happy99.exe," please do not run the file. Although it doesn't (apparently) cause physical damage to the drive, it installs itself into your system directory by copying a certain DLL, then convinces your mail program to send it out via emails and Usenet posts.

Just opening and reading the email message is not a danger, but don't execute the attached file. For example, if it's shown as a link in your email program, don't click it. If you find that you are infected, here are details on removing it.

Bottom line: Don't open or run any email attachments unless you know exactly what they are.

W97M/Triplicate virus

This virus infects the NORMAL.DOT file of Word 97 documents in Word 97 and Word 2000. Through Word97 it infects Excel spreadsheets and PowerPoint presentations as well.
More information on the Triplicate virus is available at:

http://www.pspl.com/virus_info/w97m/triplicate.htm
http://www.pspl.com/virus_info/x97m/triplicate.htm

You can remove this virus from your computer by using Protector Plus antivirus software (30 day free download) or by using a generic macro virus eliminator called BanMacro. BanMacro is designed for those who use MS-Word or Excel but will NEVER use the macro feature of the packages. The utility is free for personal and non-commercial use.

WZ.com Inc.
18113 Town Center Dr. #114
Olney, MD 20832
800-780-0090
301-570-5400
comments@scambusters.org

Notice: We provide Internet Scambusters as a public service and, unfortunately, don't have the manpower to answer the hundreds of emails we receive concerning your questions on individual scams, companies or chain emails. We've developed some excellent resources which you can use to find the answers you're looking for. And be sure to subscribe to Internet Scambusters to get the scoop on the latest Internet scams.

© Copyright 1996-2000 All Rights Reserved
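
Several of the worms described above arrive as attachments whose names end in a script or program suffix that may be hidden behind a harmless-looking one (LIFE_STAGES.TXT.SHS, LOVE-LETTER-FOR-YOU.TXT.VBS). The following is an added example, not part of the original article or of Scambusters' material, showing how a mail filter could flag such names; the extension lists and function names are assumptions chosen for illustration, and the sample message is constructed with placeholder content.

```python
from email import message_from_string
from email.message import EmailMessage

# Suffixes used by the attachments named in the article; extend per local policy.
RISKY_EXT = {"exe", "vbs", "shs"}
# Inner suffixes that make a name look like a harmless document (assumed list).
DECOY_EXT = {"txt", "doc", "jpg", "gif", "pdf"}


def classify_filename(name):
    """Return 'double-extension', 'risky', or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in RISKY_EXT:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXT:
        return "double-extension"
    return "risky"


def scan_message(raw):
    """Return [(filename, verdict)] for every named part that is not 'ok'."""
    msg = message_from_string(raw)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # also decodes RFC 2231 filename parameters
        if name:
            verdict = classify_filename(name)
            if verdict != "ok":
                findings.append((name, verdict))
    return findings


def build_sample(filenames):
    """Constructed test message: placeholder bytes, names taken from the article."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    for fn in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_string()


if __name__ == "__main__":
    sample = build_sample(["LOVE-LETTER-FOR-YOU.TXT.VBS", "LIFE_STAGES.TXT.SHS",
                           "happy99.exe", "notes.txt"])
    for name, verdict in scan_message(sample):
        print(f"{verdict:17} {name}")
```

The check looks only at names, so it complements an up-to-date virus scanner and does not replace one; macro viruses such as Thursday and Triplicate travel inside ordinary documents and are not caught by it.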