Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Jump To: Example    Detailed Analysis   Comments   References

Fidel Castro Sector Zero Virus Warning


Outline

Email forward written in Spanish warns that clicking links in messages about the death of Fidel Castro can download a virus. It also warns that opening an email attachment with the name 'El Autentico Pez Polla' can launch a virus that can destroy the hard drive on the infected computer (Full commentary below).

Brief Analysis

(The original version of this message is in Spanish. The Spanish version is included below the following English translation. The text was translated by Hoax-Slayer visitor Ebe, who submitted the original example for analysis in October 2008)

Example

Subject: Urgent – New virus

URGENT!

Be very careful with an email that started last night, about the death of Fidel Castro, where it says it will show pictures and videos…. Taking advantage of our morbid human nature it will invite you to open a link with the advertisement of two important news agencies… Don't do it! If you do, a virus disguised as a legal antivirus will be downloaded, it was just announced.

Please send this email to your friends, family, contacts. In the next days you have to pay attention: do not open an email with an attachment called "The authentic chick fish", no matter who is sending it. This is a virus that will open a port in windows that will "eat" all your C hard drive in your computer. This virus will come from a person you know and you were in this person's contact list.

That's why you have to resend this email to all of your contacts. It's better to receive this email 25 times than to receive the virus and open it. If you receive the email called "The authentic chick fish", even if a friend sent it, don't open it and turn off your computer immediately. It's the worst virus announced by the CNN. A new virus has been discovered recently, that has been classified by Microsoft as the most destructive virus ever. This virus was discovered yesterday by McAfee. And they don't know yet how to fight it. This virus simply destroy the Sector Zero of the Hard Drive, where the crucial information is saved.

SEND THIS EMAIL TO WHOM TO KNOW, COPY THIS TO A NEW EMAIL AND SEND IT TO ALL YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, ALL OF US WILL BENEFIT.


Original Spanish version:
*Subject:* FW: URGENTEEEEEEEE NUEVO VIRUS

**_URGENTE !!!!!!!_**

TENGAN MUCHO CUIDADO CON UN CORREO QUE EMPEZO ANOCHE , SOBRE UN ANUNCIO DE LA MUERTE DE FIDEL CASTRO DONDE PROMETEN MOSTRAR VIDEOS Y FOTOS SOBRE ESTE ACONTECIMIENTO. .. APROVECHANDO LA POSIBLE MORBOSIDAD DE LOS SERES HUMANOS INVITA A ENTRAR A UN LINK ANUNCIADO POR DOS IMPORTANTES AGENCIAS DE NOTICIAS **/_NOOOOOOOOO LO HAGAS_/** !!!!! AL HACERLO SE TE DESCARGARA UN MALWARE DISFRAZADO DE SOFTWARE LEGAL, ES UN POTENTE VIRUS ,LO ACABAN DE ANUNCIAR.

POR FAVOR, HACER CIRCULAR ESTE AVISO ENTRE AMIGOS, FAMILIA, CONTACTOS!!En los próximos días, deben estar atentos: No abran ningún mensaje con un archivo anexo llamado 'EL AUTENTICO PEZ POLLA', independientemente de quien se lo envíe. Es un virus que 'abre' un puerto especifico de windows que se ' Come ' todo el disco duro C dela computadora. Este virus vendrá de una persona conocida que te tenia en su lista de direcciones. Es por eso que debes enviar este mail a todos tus contactos. Es preferible recibir 25 veces este mensaje que recibir elvirus y abrirlo. Si recibes el correo llamado EL 'AUTENTICO PEZ POLLA',aunque sea enviado por un amigo, no lo abras y apaga tu maquina inmediatamente. Es el peor virus anunciado por CNN.

Un nuevo virus ha sido descubierto recientemente que ha sido clasificado por Microsoft como el virus mas destructivo que haya existido. Este virus fue descubierto ayer por la tarde por McAfee. Y no hay arreglo aun para esta clase de virus. Este virus destruye simplemente el Sector Zero del Disco Duro, donde la información vital de su función es guardada.

ENVIA ESTE E-MAIL A QUIENES CONOZCAS COPIA ESTE CORREO A UNO NUEVO Y MANDALO A TODOS TUS AMIGOS Y RECUERDA : SI LO ENVIAS A ELLOS , NOS BENEFICIAS A TODOS.


Detailed Analysis

This virus warning email claims that messages about the supposed death of Cuban leader Fidel Castro contain links to a malicious website that can download a virus to the user's computer. It also claims that an email with the subject "El Autentico Pez Polla" carries a virus that destroys the hard drive on the infected computer and has been classified as the worst virus ever. According to the warning, the virus will "eat" away the C drive and destroy Sector Zero, "where the crucial information is saved".

This warning combines some true, if somewhat outdated, information with a variant of a completely false virus warning hoax that has been circulating for several years. Unfortunately, warnings such as this can be quite confusing for many recipients because they mingle elements of truth with unhelpful misinformation.

The first part of the message warns recipients to watch out for fake news emails claiming that Fidel Castro has died. This part of the message is basically true. A March 2008 post on the Cuba Journal blog notes:
Castro Emails claiming that ex-Cuban leader Fidel Castro is dead are attempting to spread a worm onto PCs worldwide.

The worm infects PCs by disguising itself as a video of a report bringing news of Castro's death.

"This worm spreads itself in an email message with the subject 'Mala Noticia' (Bad news) and makes reference to the supposed death of Fidel Castro," security firm Panda Labs wrote in its blog.

The supposed video file actually contains a worm and clicking the link in the email takes you to a web page displaying a Spanish report written in 1997 about another Castro death hoax.
However, although this threat was certainly real, it had none of the characteristics of the destructive virus described in the message. The worm was designed to download information stealing trojan components to the infected computer and spread itself via P2P file sharing software. It certainly did not destroy or damage the infected computer's hard drive.

Moreover, the bulk of its distribution occurred earlier in 2008 and there is no information to suggest that is again being distributed at the time of writing. That said, malware distribution tactics are often reused, so Internet users would be wise to be cautious of "news" emails that claim that famous or infamous people have died. A similar tactic was used in 2005 when trojan emails claimed that Osama Bin Laden had been captured and hanged.

Although the references in the email to the Fidel Castro malware messages are valid, the rest of the information is pure nonsense and should not be taken seriously. It is no more than a mutated and translated version of the Olympic Torch virus hoax that has been circulating since 2006. The following example reveals the strong similarity between the two "warnings":
You should be alert during the next days: Do not open any message with an attached filed called "Invitation" regardless of who sent it. It is a virus that opens an Olympic Torch which "burns" the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called "invitation", though sent by a friend, do not open it and shut down your computer immediately.

This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept. SEND THIS E-MAIL TO EVERYONE YOU KNOW, COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS AND REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US
Moreover, both versions are derived from the even earlier Virtual Card For You hoax.

Unfortunately, recipients who attempt to research this warning before forwarding it may be fooled into believing that all of the information is factual because they have found references that seemingly confirm the first portion of it. However, given that the bulk of the information in the message is false and even the information that is factual is now outdated, forwarding the message will serve only to spread misinformation and clutter inboxes.


Last updated: 31st October 2008
First published: 31st October 2008 By Brett M. Christensen
About Hoax-Slayer

References
Fidel Castro death news hoax and virus
W32/FakeDeath.A.worm
Osama Bin Laden Virus Emails
Olympic Torch Invitation Virus Hoax
Virtual Card For You Virus Hoax






Latest Hoax-Slayer Articles