Resources

Characteristics of Viruses and Virus Hoaxes

There are thousands of viruses circulating each day with various payloads and means of propagation. The messages may be from an unknown sender or from someone you know. The damage caused by a virus can vary, affecting your personal machine as well as overloading email servers and networks. In order to protect your machine from infection, it is important to understand the characteristics of virus emails and hoaxes, and the importance of updating the anti- virus software installed on your machine on a regular basis.

Virus emails vary in the text of the subject line, message body and attachment name; however, most of these messages do share some common characteristics. Often the messages contain poor grammar or misspelled words. For example: A variant of the MyLife virus contains the following message body: "Hiiii How are youuuuuuuu? look to bill caricature it's vvvery verrrry fffunny i promise you will love it? ok buy " . Often these messages use all lower case letters or do not use capitalization properly.

Occasionally, messages are sent warning users of a virus threat and encouraging individuals to notify all of their contacts. Often, these messages are not viruses at all, but are hoaxes. Virus hoaxes are more than mere annoyances, as they may lead some users to routinely ignore all virus warning messages, leaving them vulnerable to a genuine, destructive virus.

Virus hoaxes have the following characteristics:

The message is forwarded to you by a friend or colleague.

The message usually does not contain an attachment

The message urges you to forward the email to everyone you know.

The email describes in detail the alleged virus and what it is capable of doing to your system. It does not include a link to a known anti- virus website such as Norton or McAfee. A legitimate virus warning will include a link to these trusted sites for more information regarding the virus.

The message sometimes encourages you to delete or rename system files in order to protect your system from infection. Doing so often prevents windows from functioning properly.

The message references a third party who can validate the claim.

These virus hoaxes can be just as dangerous as true viruses since they often cause a rapid increase of internet traffic. An article on TechTV, featured the following scenario illustrating the effect of these hoaxes:

"Let's say, for instance, that you have 25 people in your address book and you send an unsubstantiated warning to all of them, prompting them to forward the message to everyone they know. If each of them has 25 people in his or her address book, your message could be passed on to 625 people. If each of those people has 25 entries, you could reach 15,625 people. Within 5 forwards of your false information message, you could reach a staggering 9,765,625 people (based on only 25 people per address book.)"

The SMU Exchange email server automatically scans all incoming mail for possible virus files provided the mail is accessed through Webmail or the Outlook MAPI client. If a virus is detected, the server replaces the file with a file named "Attachment blocked by SMU.txt". If you have an outside email account that you access on campus such as hotmail, aol or yahoo, please exercise caution when opening any attachments.

It is very rare that you will receive legitimate warning messages regarding the release of a new virus, or necessary software patches and updates by email. ITS will send bulk email messages if a virus is spreading rapidly across campus; however, these messages are rare. If you receive information regarding a virus or a suspicious email, please feel free to contact the ITS Help Desk. We will be happy to research any virus reports for you. Please do not forward suspicious emails to any other address. The following site is also a great tool to research possible viruses, virus hoaxes, and other virus information: http://vil.mcafee.com/default.asp.

The best way to prevent viruses from infecting your machine or spreading to others is to exercise caution when opening attachments, update the virus definitions on your anti-virus software regularly, and be wary of suspicious emails instructing you to perform some action on your machine.