Issue 25 - Hoax-Slayer Newsletter

---

This week in Hoax-Slayer:

• Email Worm Spoofing
• Virus Report: Weekly Virus Wrap-Up
• Amazon Rainforest Email Petition
• Tip of the Week: Acronym Finder
• Feedback from Readers and Site Visitors

---

---

A lot of modern worms use email spoofing when they send themselves from an infected computer. This spoofing tactic has led to a great deal of finger pointing and confusion among Internet users. Because of spoofing, it may appear that person A sent person B a worm-infected email when this was not the case. Thus, spoofing increases the negative impact of worm outbreaks because it leads to unfair accusations, miss-directed warnings, and the erroneous blacklisting of email addresses.

Simply put, spoofing as it relates to worm dissemination, works like this:

1. Someone who has your email address stored somewhere on her or his computer, becomes infected by a worm that uses spoofing.
   
   
2. The worm searches for email addresses on the infected computer and sends itself to them.
   
   
3. The worm inserts one of the email addresses it finds in the "From:" field of the virus emails it sends. In other words, it may use your address in the "From:" field, which tricks unwary recipients into thinking that the virus came from your computer.
   
   

Thus, even though you may practice safe computing and have a worm free machine, you may be unfairly accused of spreading the infection. Meanwhile, the actual sender may remain unaware that his or her machine is infected.

If you are unfairly accused:

1. First, make sure your system really is free of infection by running a full system scan with up-to-date anti-virus software.
   
   
2. Next, reply to the accuser with an explanation of spoofing and assure him or her that your system is not infected. Try to include a link to a webpage that provides information about email worm spoofing to back up your statement.
   
   

If you receive a worm-infected email, don't immediately fire off an email that accuses the apparent sender of posting you the worm. If possible, look up information about the worm on an Anti-Virus website such as Symantec and try to determine if the worm is one that uses spoofing. You may also be able to verify the actual sender by checking the headers of the email carrying the worm. View a detailed explanation of interpreting email headers.

You can help to reduce the impact of worm outbreaks by being aware of this spoofing issue and informing others where necessary.

---

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

---

W32.Korgo.C is another worm that uses the LSASS vulnerability present in unpatched Windows 2000, and XP systems. Unpatched systems should be updated as soon as possible.

---

W32.Gaobot.ALW is one of a number of Gaobot variants that spread through Windows vulnerabilities and open network shares. The worm affects Windows 2000, Windows NT and Windows XP. Again, it is very important that Internet users apply the latest updates to their computers as soon as possible.

---

W32.Bugbear.G@mm is a Bubear variant that collects email addresses off the infected machine and sends them using its own SMTP engine. It can also collect personal information from the infected computer and email it to the author of the worm. This worm uses spoofing.

---

This outdated email petition is still circulating. The article I have about it on the Hoax-Slayer website has been receiving an increasing number of visitors over the last few weeks and I have had several enquires about it.

The "project" mentioned in this email petition was shelved by the Brazilian government back in May 2000. Therefore, signing and forwarding this petition is pointless.

Even if the project had been approved, it is improbable that an email petition could have any effect what so ever. These lists of names rarely get to where they are supposed to, nor are they taken in any way seriously by politicians or any one else in authority.

The best place for these email petitions is the "Deleted Items" folder of your email client. To reiterate, adding your name to this petition will do nothing to prevent the destruction of the Amazon Rainforest. Those concerned about deforestation can have much more of an impact by joining an environmental group, or perhaps even starting a real pen and paper petition that will be eventually submitted to a real politician.

---

These days, acronyms abound, especially within the sphere of computing and information technology.

Don't know what a certain acronym means? Enter it in the search box at the Acronym Finder site and, in most cases, it will give you one or more meanings, starting from the most common.

Acronym Finder is a good site to bookmark for easy reference.

If you use Internet Explorer, you can even add Acronym Finder to the right click menu. Once added, you can highlight an acronym on a webpage and hit the right click menu item to automatically search Acronym Finder. Very handy!

You can also submit an acronym if you find that one is not already in the Acronym Finder database.

---

If you receive a hoax or scam email, I would appreciate it if you would send me a copy.

The seemingly unstoppable Money from Microsoft Hoax has been a popular subject for submissions this week. There is a slightly different version of the hoax currently circulating that falsely claims the email "TOOK TWO PAGES OF THE TUESDAY USATODAY - IT IS FOR REAL".

As usual, I've received a number of submissions regarding lottery scam emails

The hoax email about stolen UPS uniforms also generated a lot of website traffic and enquires this week.

As well, the article about Camel Spiders continues to receive a large number of visitors. My site statistics suggest that camel spiders are a hot topic for online forums.

---