When is a virus not a virus? Or actually, it IS a virus, though it’s not a virus? Or something like that … Okay, this makes no sense.
There is a category of virus that the most complete, up-to-the-minute screening software will never be able to, well, screen. That’s because
it isn’t actually a virus. But it is. See paragraph 1.
I received an e-mail message last week. Actually, I received many e-mail messages, several of them similar in tone, content and import: Apologies, but it appears my machine has sent a virus to everyone in my address book — would you be a lamb and delete the file jdbgmgr.exe, and pass this information on to everyone in YOUR address book, since they’ll have been sent the message/virus, too?
Of course, as more sophisticated users might recognize, this is not a virus warning. It is a hoax. The Internet is to hoaxes what a stagnant pond in Winnipeg is to mosquitoes — a fertile breeding ground. But there is a new genre of hoax whose consequences can be just as problematic as a viral infection.
Good Times was perhaps the original e-mail virus hoax. A warning circulated regarding this mythical, all-powerful virus to perhaps every computer on earth some years ago. Its impact was a nuisance — bandwidth tied up for useless purposes — but no more.
It took only a tiny mutation to turn virus hoax e-mail messages into something a little more destructive. The supposedly offending file — in this case, jdbgmgr.exe, though the warning has circulated specifying the sulfnbk.exe file — is in fact an integral part of the Windows operating system. It’s removal can cause a PC to behave rather erratically.
So there you go — virus-calibre damage without the muss and fuss of coding.
There is a principle at work, the same principle that makes a genuine virus more or less effective. It’s been referred to as “”socially engineered”” malware. The effectiveness of a virus is dependent on whether the user executes it, and that lies in the presentation. Some people — well, men, anyway — will click on porn offers (not me, of course). A flirty subject line or the promise of “”something really funny”” will work in its stead.
The virus hoax preys on what the folks at vmyths.com — a catalogue of computer-related hoaxes and urban legends — call “”false authority syndrome.”” Because of position or job description, people presume to speak and act as an expert on the subject at hand although it’s actually well beyond their grasp.
So … how does one avoid the pain, stigma and credibility damage associated with circulating such a warning, even with the best of intentions? There are a couple rules of thumb. A legitimate virus warning will NEVER ask you to pass a message along to everyone in your address book. Consider the source — the receptionist at your health club isn’t likely to know a legit virus from critical OS file. (Neither, the uncharitable might point out, is a journalist.) Check vmyths.com and the Symantec and McAffee Web sites. If you’re still in doubt, ask your IT folks. They’ll make fun of you, but it’s better than being branded an unprofessional pain by everyone in your address book.