Eaten By Snakes: Virus Hoaxes & How To Spot Them

Every year businesses worldwide spend more money soothing the nerves of employees who’ve received hoax virus warnings than they do on actual viruses. So before you pass on the note your friend Ned sent you about a new virus that will make snakes eat your hard drive, give it a little thought.

If you didn’t receive an email from a friend a while back warning you about the deadly SULFNBK virus, you probably haven’t gotten out much on the net yet. SULFNBK, the email warned, can hide in your computer and exact terror on a certain date, and it helpfully goes on to tell you how to delete the renegade file.

SULFNBK was another hoax. SULFNBK.exe is a standard Windows operating system file, allowing Windows to handle long file names like “memo to dad.doc”. (Read McAfee Associates’ warning about SULFNBK.)

At the U.S. Department of Energy, a group called the Computer Incident Advisory Capability monitors and debunks phony virus alerts and chain letters as an integral part of its overall security program – check their site.

Rule Number 1:
If you see a request in an email warning to “Pass it on,” you should immediately be highly suspicious of the message. The fastest way to verify a virus warning is to look it up in Symantec’s online hoax and virus encyclopedia.

Another excellent resource is from Stiller Research, which lists the top five hoaxes of the month including, in April 2000, a hoax regarding asbestos being used in tampon production.

Spotting a Hoax
Hoaxes usually include sentences in ALL CAPITAL LETTERS in the subject line and lots of exclamation points!!!!!! They also have, almost universally, this syntax:

“If you receive an email with a file called ‘Such-and-such’, do not open it. It contains the email virus ‘This and that’ which will ‘do this or that’ to your hard drive.”
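The traits listed so far (a “Pass it on” request, an ALL CAPS subject line, runs of exclamation points and the “do not open it” template) can be checked mechanically. The Python sketch below is an added example, not part of the original article; the phrase patterns, thresholds and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Phrases asking the reader to spread the message (Rule Number 1); assumed wording.
PASS_ON = re.compile(r"\b(pass (it|this) on|send this to everyone)\b", re.I)
# The template quoted above: "If you receive an email ... do not open it".
TEMPLATE = re.compile(r"if you receive an e-?mail.{0,120}?do not open", re.I | re.S)
EXCLAIM_RUN = re.compile(r"!{3,}")  # assumed threshold: three or more in a row

# Constructed sample messages, not real mail.
HOAX = """From: ned@example.com
Subject: VIRUS WARNING READ NOW!!!!

If you receive an email with a file called 'Snakes', do not open it.
It contains a virus which will eat your hard drive. Pass it on to everyone!
"""
BENIGN = """From: ned@example.com
Subject: Lunch on Friday?

Are we still on for Friday? Let me know.
"""


def caps_ratio(text):
    """Fraction of alphabetic characters that are upper case."""
    letters = [c for c in text if c.isalpha()]
    return sum(c.isupper() for c in letters) / len(letters) if letters else 0.0


def hoax_indicators(raw_message):
    """Return the hoax traits found in a plain-text message, in a fixed order."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = msg.get_payload() if not msg.is_multipart() else ""  # plain text only
    found = []
    if len(subject) >= 8 and caps_ratio(subject) > 0.8:
        found.append("all-caps subject")
    if EXCLAIM_RUN.search(subject + "\n" + body):
        found.append("exclamation run")
    if PASS_ON.search(body):
        found.append("pass-it-on request")
    if TEMPLATE.search(body):
        found.append("do-not-open template")
    return found
```

A message that trips several indicators is a candidate for a lookup in a hoax encyclopedia before anyone forwards it; a single indicator on its own proves little.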


Another type of hoax involves having you forward chain letters on the theory that if you send the email to 1,400 of your closest email buddies you’ll win a free phone, Microsoft stock, Disney tickets, yadda yadda yadda. No one gives you something to email someone. No one. Not even Nokia. What to send someone who sends you a “Forward this message and get a free cigar” message? An excellent sample is up at

Not All Are Hoaxes, Of course…
As the “I Love You” virus which struck at the beginning of May 2000 showed once again, the threat of a virus in the form of an attachment to an email is very real, and a big pain in the keister. However, note that it is most often clicking on the attachment that creates the problem, not the email itself.

I personally have no clue why it is that people just go ahead and click on something called ILOVEYOU in an email from an editor – a position uniformly filled by people with a demonstrated inability to love anyone. I would indeed find the idea of an editor telling me to “click here to see how much I love you” menacing enough to shut down my computer and proceed to the nearest bar.

But even if the file had been attached to a message from my sainted sister I would have viewed it with suspicion and virus checked it before opening.

As a colleague, Ed Hasbrouck, points out: “Most security attacks and viruses are directed at – and depend on interactions between – the most common combinations of software; Windows 9X OS, MSIE 4 or 5 browser, MS Outlook or Eudora e-mail, and MS Office word processing, spreadsheet, etc. applications.

“The fewer components of this bundle you use, the less vulnerable to the most common attacks and viruses you are. Viruses that propagate by getting MS-Outlook to launch an MS-Word macro can thrive. No one writes viruses that depend on using Pegasus Mail to launch a WordPerfect macro, since too small a percentage of recipients would have that combination, and they wouldn’t succeed in spreading.”

Note, though, that viruses don’t spread through an email message. You can’t “destroy your hard drive” or have your hard drive eaten by monsters just because you open a message that came with an infected attachment (I myself opened the message saying “I love you”, saw the file and immediately deleted the attachment – easy peasy). Some simple steps can prevent your getting infected by a virus.

1. Use a non-standard mail program. Ed and I use Pegasus Mail, a free program that makes Eudora’s new 4.3 release look positively clunky. It’s available free on the web.

2. Be suspicious of any attachments, even from people you trust.

3. Be highly suspicious of attachments that are an executable program (that is, the document ends in “.exe”).

4. Be suspicious of attachments that are Microsoft Office documents (Word, Excel, PowerPoint, etc.), and never fail to virus-scan them for macro viruses.

5. Be highly suspicious of any attachments that have an unfamiliar extension (the last three characters of the file name). “I Love You” arrived as an attachment with a “.vbs” extension. If you’ve never seen a file extension before, do one of two things:

    a) If it’s from someone you know and trust, virus check it using the latest version of your favorite virus scanning software – and update the virus scanner monthly from the company’s website.

    b) If it’s from someone you don’t know or someone you know casually, delete the sucker. Send a message to the sender saying you did, and if it was something important, ask them to send it again, then repeat step A.

6. Use Macintosh or Linux machines instead of Windows. Okay, okay, that’s asking a bit much. But because so relatively few people use those platforms, virus scares for them are far fewer.
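
Steps 3 to 5 above amount to a decision based on an attachment's extension and on who sent it. The Python sketch below is an added example, not part of the original article: it reads a raw message, lists its attachments and returns the matching advice. The "familiar" extension set, the trusted-sender list, the addresses and the sample attachments are all constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE = {".exe"}                        # step 3
OFFICE = {".doc", ".xls", ".ppt"}            # step 4: macro-capable documents
FAMILIAR = {".txt", ".jpg", ".gif", ".zip"}  # assumption: extensions this user knows


def advise(filename, sender_trusted):
    """Map one attachment name to the article's advice (steps 3 to 5)."""
    # Judge the final extension only, so "letter.txt.vbs" counts as .vbs.
    ext = os.path.splitext(filename.lower())[1]
    if ext in EXECUTABLE:
        return "highly suspicious: executable"
    if ext in OFFICE:
        return "virus-scan for macro viruses"
    if ext in FAMILIAR:
        return "virus-scan before opening"
    # Step 5: unfamiliar (or missing) extension; the outcome depends on the sender.
    if sender_trusted:
        return "unfamiliar: virus-scan with an up-to-date scanner"
    return "unfamiliar: delete and ask the sender to resend"


def triage(raw_bytes, trusted_senders):
    """Return [(filename, advice)] for every attachment in a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    trusted = sender in trusted_senders
    return [(part.get_filename() or "", advise(part.get_filename() or "", trusted))
            for part in msg.iter_attachments()]


def build_sample(sender):
    """Constructed message with four placeholder attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "me@example.com", "see attached"
    msg.set_content("Files attached.")
    for name in ("report.doc", "setup.exe", "letter.txt.vbs", "photo.jpg"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Because only the final extension is judged, a name that looks like a text file but ends in ".vbs" still lands in the unfamiliar bucket.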