RootsWeb: HACKETT-L [HACKETT-L] Re:Virus hoax comments

HACKETT-L Archives

Archiver > HACKETT > 2001-05 > 0990915761

From:
Subject: [HACKETT-L] Re:Virus hoax comments
Date: Sat, 26 May 2001 18:22:41 EDT

'' wrote: ==== - I apologise for sending the above to the list but as it was from the Computer Systems Manager of the Credit Union to the employees, I thought he would surely know what he was talking about. Makes you worry about who is taking care of your money doesn't it? In a message dated 5/26/01 11:37:38 AM Central Daylight Time, writes: > I just heard this was a hoax. Do you have any details? > Howard Johnston > Yes Howard I have also found out this is a hoax and am posting this to the Hackett List with my profound apologies for posting it in the first place. I have never done this before and will promise all of you I will never do it again without checking it out with an antivirus site and Microsoft.com site. The following are comments I have gotten and these are the nicer ones, some were not reprintable. Again my apology to all and you are not in dire trouble if you did delete the file as you will see by reading the various comments: #1 According to the Symantec website, the subject program SULFNBK.EXE is a legitimate Microsoft utility for restoring long file names. Per Symantec the virus warning in regard to this utility is a HOAX. Although it would serve no useful purpose to remove this utility from one's computer, it probably is marginal enough that one might never miss it. You should really check one or more of the Virus Protection websites before passing on a warning like this. Most probably, 90% of all such warnings are hoaxes. #2 The SULFNBK file is a handler for Long FileNames (LFN). It is installed with most versions of Windows, if not all. If it is deleted, it may be recreated upon the next reboot ... I haven't tried it. If it is deleted, it may make your files with LFNs inaccessible ... I haven't tried that either. This thingy just isn't worth my time/trouble. I figger the 'pooter admin at the credit union needs to be replaced ... he's too stoopid to be trusted ... ----- This hoax warns against a virus contained in a file called SULFNBK.EXE, that arrives hidden in an email message. SULFNBK.EXE is a normal file that is installed with the Windows Operating System. This file is not destructive, but it can be infected by a virus. Trend Micro requests that all email users not propagate this email, which is a hoax. #3 Better safe than sorry! Thanks for thinking of us! #4 It is a Microsoft utility file and you have apparently made the hoax do the work of a virus by acting on the instructions contained. In the future, before spreading alerts, go to <A HREF="http://www.symantec.com/avcenter/hoax.html">; http://www.symantec.com/avcenter/hoax.html</A>;. They list most known hoaxes and you will find this one in the list. #5 I hate to reply to the list with this...but this should not of been sent to this list in the first place....THIS IS A PROVEN HOAX.....The information below comes straight from the Microsoft website. Hoaxes. Many people believe them. Others aren't so sure but forward them anyway "just in case". No matter how you slice them, hoaxes are a problem and now they've taken a new tack. Originating in Brazil, a new hoax alleges the file SULFNBK.EXE is in fact a virus and urges users to search their system for the presence of the file. The hoax warns, even "Norton did not discover it". Perhaps this is because the file is not infected. A word of caution. Any executable file has the potential to be infected. Worse, viruses like <A HREF="http://antivirus.about.com/library/virusinfo/blmagistr.htm">Magistr</A>; can pick certain files at random, infect it, and send it off via email to others. So the potential also exists for the file SULFNBK.EXE to be plucked by Magistr. Of course, any portable executable (PE EXE) file up to 132K in length could just as easily be sent, so there's no special distinction to the SULFNBK.EXE file. Just what is SULFNBK.EXE? It's a utility shipped as part of the Windows 98 operating system that allows users to restore long file names. Thus, anyone using the Windows 98 operating system would find this file on their system. If the hoax were received by these users, and believed, many might delete the file thinking their antivirus software had somehow failed to detect the virus. In fact, it wouldn't be the first time signature-based scanners failed to detect a new virus, making the entire hoax even easier to believe. If you aren't confused yet, you should be. Hoaxes survive simply by causing confusion. They provide just enough real sounding information to guarantee a pretty high degree of faith. The more believable, the more users willing to pass it along. Hence hoaxes are very much like a manually driven virus, relying on the user to deliberately pass along the "infection". In the case of the SULFNBK.EXE warning there's a double whammy: as users pass it along, it clogs email servers and drains resources; and those who delete it may need the file at some point. Worse, this could be a stepping stone to a new trend in hoax writing - targeting necessary system files, warning of dire consequences and instructing users to immediately delete them. If the right files were targeted, users following the warning's instructions could find themselves worse off than if a "real" virus had hit. In other words, hoaxes may soon be featuring malicious payloads deliberately executed by the gullible and unsuspecting user. Common sense provides the best cure. If you aren't sure, don't forward it. Forget the "just in case" excuse - it's downright dangerous. Unless the warning comes from a known and reputable source, send it to the Recycle Bin and not to your friends and co-workers.

This thread:

[HACKETT-L] Re:Virus hoax comments by