Issue 25 - Hoax-Slayer Newsletter
Issue 25: 28th May, 2004
This week in Hoax-Slayer:
Email Worm Spoofing
A lot of modern worms use email spoofing when they send
themselves from an infected computer. This spoofing tactic has
led to a great deal of finger pointing and confusion among
Internet users. Because of spoofing, it may appear that person
A sent person B a worm-infected email when this was not the case.
Thus, spoofing increases the negative impact of worm outbreaks
because it leads to unfair accusations, misdirected warnings,
and the erroneous blacklisting of email addresses.
Simply put, spoofing as it relates to worm dissemination, works
- Someone who has your email address stored somewhere on her or
his computer, becomes infected by a worm that uses spoofing.
- The worm searches for email addresses on the infected computer
and sends itself to them.
- The worm inserts one of the email addresses it finds in the
"From:" field of the virus emails it sends. In other words, it
may use your address in the "From:" field, which tricks unwary
recipients into thinking that the virus came from your computer.
Thus, even though you may practice safe computing and have a
worm-free machine, you may be unfairly accused of spreading the
infection. Meanwhile, the actual sender may remain unaware that
his or her machine is infected.
If you are unfairly accused:
- First, make sure your system really is free of infection by
running a full system scan with up-to-date anti-virus software.
- Next, reply to the accuser with an explanation of spoofing and
assure him or her that your system is not infected. Try to include
a link to a webpage that provides information about email worm
spoofing to back up your statement.
If you receive a worm-infected email, don't immediately fire off
an email that accuses the apparent sender of posting you the worm.
If possible, look up information about the worm on an Anti-Virus
website such as Symantec and try to determine if the worm is one
that uses spoofing. You may also be able to verify the actual
sender by checking the headers of the email carrying the worm.
View a detailed explanation of interpreting email headers.
You can help to reduce the impact of worm outbreaks by being
aware of this spoofing issue and informing others where necessary.
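The header check described above, as an added example that is not part of the original newsletter: it reads the "Received:" lines of a message and reports which machine actually handed the email to your mail provider, next to the address shown in "From:". The sample message, host names, IP addresses and the TRUSTED set are constructed for illustration, and the pattern covers only one common "Received:" layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message. A worm on 203.0.113.45 mails itself
# with a harvested address in "From:". All hosts and IPs are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Fri, 28 May 2004 10:00:05 +1000
Received: from dsl-45.isp.example ([203.0.113.45] helo=friendpc)
\tby mx.recipient.example with SMTP id B2; Fri, 28 May 2004 10:00:01 +1000
Received: from mail.example.org ([198.51.100.7])
\tby friendpc with SMTP; Fri, 28 May 2004 09:59:00 +1000
From: "Alice" <alice@example.org>
To: bob@recipient.example
Subject: Re: Your document

see attachment
"""

# Assumption: the servers run by your own mail provider. Only the Received
# lines they wrote are reliable; anything older is supplied by the sender.
TRUSTED = {"mx.recipient.example", "mailstore.recipient.example"}

# Common "from NAME (... [IP] ...) by HOST" shape; real formats vary.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\][^)]*\)\s+by\s+(\S+)")


def connecting_client(raw, trusted=TRUSTED):
    """Return (from_address, client_name, client_ip, recorded_by) for the hop
    where the message first entered the trusted servers."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    for value in msg.get_all("Received", []):  # newest hop first
        m = HOP.search(value)
        if not m:
            continue
        name, ip, by = m.groups()
        if by in trusted and name not in trusted:
            return claimed, name, ip, by
    return claimed, None, None, None


if __name__ == "__main__":
    print(connecting_client(SAMPLE))
```

The IP address recorded by the trusted server is the detail worth passing to an ISP or abuse desk; the "From:" address says nothing about which computer sent the message.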
Virus Report: Weekly Virus Wrap-Up
The list below represents some of the most significant new virus
threats identified by Symantec Security Response
over the last
is another worm that uses the LSASS vulnerability present in unpatched Windows 2000 and XP systems. Unpatched systems should be updated as soon as possible.
is one of a number of Gaobot variants that spread through Windows vulnerabilities and open network shares. The worm
affects Windows 2000, Windows NT and Windows XP. Again, it is very
important that Internet users apply the latest updates to their
computers as soon as possible.
is a Bubear variant that collects email addresses
off the infected machine and sends them using its own SMTP engine.
It can also collect personal information from the infected computer
and email it to the author of the worm. This worm uses spoofing.
Amazon Rainforest Email Petition
This outdated email petition is still circulating. The article
I have about it on the Hoax-Slayer website has been receiving an
increasing number of visitors over the last few weeks and I have
had several enquiries about it.
The "project" mentioned in this email petition was shelved by the
Brazilian government back in May 2000. Therefore, signing and
forwarding this petition is pointless.
Even if the project had been approved, it is improbable that an
email petition could have any effect whatsoever. These lists
of names rarely get to where they are supposed to, nor are they
taken in any way seriously by politicians or anyone else in
The best place for these email petitions is the "Deleted Items"
folder of your email client. To reiterate, adding your name to
this petition will do nothing to prevent the destruction of the
Amazon Rainforest. Those concerned about deforestation can have
much more of an impact by joining an environmental group, or
perhaps even starting a real
pen and paper petition that will
be eventually submitted to a real politician.
The following is no joke. It was sent to me by my brother in law
who is an avid and serious biologist/conservationist in Malawi.
Thank you Rachel
The Brazilian congress is now voting on a project that will
reduce the Amazon forest to 50% of its size. It will take 1
MINUTE to read this, but PLEASE put your names on the list and
forward this on as instructed below. The area to be deforested
is 4 times the size of Portugal and would be mainly used for
agriculture and pastures for livestock. All the wood is to be
sold to international markets in the form of wood chips, by
large multinational companies. The truth is that the soil in
the Amazon forest is useless without the forest itself. Its
quality is very acidic and the region is prone to constant
floods. At this time more than 160,000 square kilometres
deforested with the same purpose are abandoned and in the
process of becoming deserts, meaning that this proposal is
in the short-term interests of a few, and in the long term
interests of none.
Please copy the text into a 'new e-mail' put your complete
name in the list below, and send to everyone you know. (DON'T
JUST FORWARD IT -- AS IT WILL THEN END UP WITH ROWS AND ROWS
of '>'s) If you are the 400th person to sign please send a
[EMAIL ADDRESS REMOVED]
Thank you for your help:
[LIST OF NAMES REMOVED]
Tip of the Week: Acronym Finder
These days, acronyms abound, especially within the sphere of
computing and information technology.
Don't know what a certain acronym means? Enter it in the search
box at the Acronym Finder
site and, in most cases, it will give
you one or more meanings, starting from the most common.
is a good site to bookmark for easy reference.
If you use Internet Explorer, you can even add Acronym Finder to
the right click menu. Once added, you can highlight an acronym
on a webpage and hit the right click menu item to automatically
search Acronym Finder. Very handy!
You can also submit an acronym if you find that one is not
already in the Acronym Finder database.
Feedback from Readers and Site Visitors
If you receive a hoax or scam email, I would appreciate it if you
would send me a copy
The seemingly unstoppable Money from Microsoft Hoax
has been a popular subject for submissions this week. There is a slightly different version of the hoax currently circulating that falsely
claims the email "TOOK TWO PAGES OF THE TUESDAY USATODAY - IT IS
As usual, I've received a number of submissions regarding lottery
The hoax email about stolen UPS uniforms
also generated a lot of
website traffic and enquiries this week.
As well, the article about Camel Spiders
continues to receive a large number of visitors. My site statistics suggest that camel
spiders are a hot topic for online forums.
The Hoax-Slayer Newsletter is published by:
All Rights Reserved
©Brett M. Christensen, 2009