HACKETT-L Archives

Archiver > HACKETT > 2001-05 > 0991333065


From: Erin Bradford <>
Subject: [HACKETT-L] From the listowner...
Date: Thu, 31 May 2001 11:17:55 -0700 (PDT)


This is the last message to the list to be sent to this list.

Please read the following about the latest virus hoax that has been
sent to this list. IT IS A HOAX, you can curse me out for saying
that, like some have done, but it's the truth.

Here is an address (just copy and paste) to 1 (of the many) websites
about the SULFNBK.exe virus hoax:
http://antivirus.about.com/compute/antivirus/library/weekly/aa051601a.htm?rnk=r1&terms=when+hoaxes+harm

Here is a copy of the text:

Hoaxes. Many people believe them. Others aren't so sure but forward
them anyway "just in case". No matter how you slice them, hoaxes are
a problem and now they've taken a new tack. Originating in Brazil, a
new hoax alleges the file SULFNBK.EXE is in fact a virus and urges
users to search their system for the presence of the file. The hoax
warns, even "Norton did not discover it". Perhaps this is because the
file is not infected.

A word of caution. Any executable file has the potential to be
infected. Worse, viruses like Magistr can pick certain files at
random, infect it, and send it off via email to others. So the
potential also exists for the file SULFNBK.EXE to be plucked by
Magistr. Of course, any portable executable (PE EXE) file up to 132K
in length could just as easily be sent, so there's no special
distinction to the SULFNBK.EXE file.

Just what is SULFNBK.EXE? It's a utility shipped as part of the
Windows 98 operating system that allows users to restore long file
names. Thus, anyone using the Windows 98 operating system would find
this file on their system. If the hoax were received by these users,
and believed, many might delete the file thinking their antivirus
software had somehow failed to detect the virus. In fact, it wouldn't
be the first time signature-based scanners failed to detect a new
virus, making the entire hoax even easier to believe.

If you aren't confused yet, you should be. Hoaxes survive simply by
causing confusion. They provide just enough real sounding information
to guarantee a pretty high degree of faith. The more believable, the
more users willing to pass it along. Hence hoaxes are very much like
a manually driven virus, relying on the user to deliberately pass
along the "infection". In the case of the SULFNBK.EXE warning there's
a double whammy: as users pass it along, it clogs email servers and
drains resources; and those who delete it may need the file at some
point. Worse, this could be a stepping stone to a new trend in hoax
writing - targeting necessary system files, warning of dire
consequences and instructing users to immediately delete them. If the
right files were targeted, users following the warning's instructions
could find themselves worse off than if a "real" virus had hit. In
other words, hoaxes may soon be featuring malicious payloads
deliberately executed by the gullible and unsuspecting user.

Common sense provides the best cure. If you aren't sure, don't
forward it. Forget the "just in case" excuse - it's downright
dangerous. Unless the warning comes from a known and reputable
source, send it to the Recycle Bin and not to your friends and
co-workers.

Special thanks to Giordani Rodrigues, editor of InfoGuerra.com for
providing details regarding this hoax. His article, in Portuguese,
can be found at:
http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid988228057,26932,.





=====
Erin Bradford

http://www.usgennet.org/usa/nc/county/cabarrus/
http://www.usgennet.org/usa/nc/county/mecklenburg/
ALHN County Coordinator for Cabarrus and Mecklenburg Cos, NC
http://homepages.rootsweb.com/~kshai (The Genealogy Depository)
Listowner Barringer Black Bradford Coventry Eller Hackett Hupp and Kern

This thread: