Security Response

A Virus Is Coming! Tell All Your Friends!

Created: 03 May 2010 23:02:11 GMT • Updated: 23 Jan 2014 18:27:44 GMT
John McDonald

Email hoaxes are nothing new, dating back at least as far as 1994 with what is widely believed to have been the first email hoax—referred to as the "Goodtimes virus" or the "Goodtimes virus hoax" after the subject of the email. The message in the early version was short and to the point, advising recipients not to open email messages with the subject "Good Times" because doing so would ruin their files. This, of course, was not true, but in cases where the recipient complied with the warning, it obviously had the effect of ruining their chances of actually reading any legitimate email messages with that very subject.

Before email, normal postal mail (known fondly by many as "snail-mail") chain-letter hoaxes regularly did the rounds, and sometimes still do even today. The difference between a simple hoax and a chain-letter hoax is that the latter encourages the recipient to forward the letter or email on to others, usually family and friends. Sometimes the hoax email claims that something good will happen to the sender if they send the letter on to at least 5 or 10 or 15 or 20 people, whereas others take the darker path of sternly informing the recipient that failing to forward the message to others will result in something bad happening. This could be illness, loss of income, the sky falling, or whatever the case may be (insert evil consequence here). Of course, both the "carrot" and the "stick" versions prey on people's natural desires for good things to happen in their lives, and their equally natural desire to prevent or avoid "bad luck." I'm sure most people don't truly believe that something bad will result if they fail to forward the message, but many people are superstitious and probably take the view, "Well, it can't hurt, so just in case…"

A minor variation of one particular hoax that dates back to at least 2006 (and possibly before) has recently resurfaced and is scaring people once again. The email looks like this:

Now, if you happened to get an email like this in your inbox, how would you be able to tell if it was a hoax or not? Personally, the first thing I would do is to use my preferred search engine to look up some of the characteristic words or phrases in the message. An example of this is pasting the words "Symantec POSTCARD FROM HALLMARK hoax" into a search, which returns a list of results, including a link to one of our write-ups from 2006 entitled Olympic Torch Hoax. The subject line is different, but the contents of the message are almost identical, which is a clear sign that the email is indeed a hoax. Replace the word "Symantec" with any other organization listed in the message (CNN, Microsoft, Snopes, etc.) and the search results will provide a solid indication that the email is a hoax.

While it only takes a few seconds, to be perfectly honest I don't believe a search is even necessary in this case, nor in many others. An easier and faster way of determining whether the email is a hoax or not is to simply consider the content of the message. Any of the following phrases should immediately ring alarm bells to the tune of "this has fake written all over it":

"Get this E-mail message sent around to your contacts ASAP"
"PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!"
"This is the reason why you need to send this e-mail to all your contacts."
"COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS."

Put simply, if you receive an email warning of impending doom and urging you to forward it on to friends and family, it's probably, almost certainly, practically guaranteed to be a hoax.

Please note that Symantec products do not detect these hoaxes, because by definition they don’t contain malicious code—they are simply misinformation and an annoyance. If an email did in fact contain a malicious attachment or other malicious code, it would not fall under the definition of a hoax and would be appropriately categorized as a threat.
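The rule of thumb above, combined with the hoax-versus-threat distinction, sketched as a mail-triage heuristic in Python. This is an added example, not Symantec code or product behaviour; the patterns, the `triage` function, its verdict strings and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Forwarding demands, generalised from the four phrases quoted above.
FORWARD_URGE = [
    r"\bsen[dt]\b.{0,40}\b(all )?your (contacts|friends)\b",
    r"\bforward this\b.{0,40}\b(friends|family|contacts)\b",
]
# Doom wording and name-dropped organisations that appear in the article.
DOOM = [r"\bburn\w* the whole hard disk\b", r"\bvirus\b"]
AUTHORITIES = ("symantec", "cnn", "microsoft", "snopes")

def body_text(msg: Message) -> str:
    """Join text/plain parts; collapse whitespace and case for matching."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", "replace"))
    return re.sub(r"\s+", " ", " ".join(chunks)).lower()

def triage(raw_message: str) -> str:
    """Return 'scan-as-threat', 'likely-chain-hoax' or 'no-hoax-signal'."""
    msg = message_from_string(raw_message)
    # Anything carrying a file is not a hoax by the article's definition.
    if any(part.get_filename() for part in msg.walk()):
        return "scan-as-threat"
    text = body_text(msg)
    urges = any(re.search(p, text) for p in FORWARD_URGE)
    doom = any(re.search(p, text) for p in DOOM)
    cited = sum(bool(re.search(rf"\b{a}\b", text)) for a in AUTHORITIES)
    # A forwarding demand alone is just an invitation; it needs a scare too.
    hoax = urges and (doom or cited >= 2)
    return "likely-chain-hoax" if hoax else "no-hoax-signal"

# Constructed samples (not real mail); the hoax reuses phrases quoted above.
HOAX = ("Subject: POSTCARD FROM HALLMARK\n\n"
        "PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!\n"
        "It will burn the whole hard disk C of your computer.\n"
        "COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS.\n")
LEGIT = "Subject: Good Times\n\nI will send the photos to the team on Monday.\n"
WITH_FILE = ("Subject: postcard\nMIME-Version: 1.0\n"
             'Content-Type: multipart/mixed; boundary="b"\n\n'
             "--b\nContent-Type: text/plain\n\nSEND IT TO ALL YOUR CONTACTS\n"
             "--b\nContent-Type: application/octet-stream\n"
             'Content-Disposition: attachment; filename="card.bin"\n\nAAAA\n--b--\n')

if __name__ == "__main__":
    for name, sample in (("hoax", HOAX), ("legit", LEGIT), ("file", WITH_FILE)):
        print(name, "->", triage(sample))
```

The verdict is a triage hint for a help desk or mail gateway, not a malware verdict: a message with an attachment is routed to normal threat scanning regardless of its wording.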

So my advice is this: if you do get one of these hoax emails in your inbox, before you forward it to all members of your extended family, friends and acquaintances, stop and have a think about it first. What do your instincts tell you? Do you really believe it's genuine? If not, delete it. If you're still not sure, use a search engine to see what information you can find on it; in many cases you don't even need to open any of the links to get what you need. The few lines under each result can be very informative (after all, we all know how easily search engine results can be poisoned these days, so why open them if you don't have to?). And after all that, if you're still not sure, consider this:

Most people who forward on these chain-hoaxes—for want of a better term—do so from a combination of fear and of wanting to help others (and hopefully be rewarded with thanks for doing so). But what if the email contained a real, disguised virus—a virus for which no security vendor yet had a solution? A virus that really was programmed to "burn the whole hard disk C of your computer" just after you forwarded the email on to all your contacts. And imagine the same thing happened to those contacts. Would they thank you then? Probably not.