Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 25 - Hoax-Slayer Newsletter

Issue 25: 28th May, 2004

This week in Hoax-Slayer:


Email Worm Spoofing

A lot of modern worms use email spoofing when they send themselves from an infected computer. This spoofing tactic has led to a great deal of finger pointing and confusion among Internet users. Because of spoofing, it may appear that person A sent person B a worm-infected email when this was not the case. Thus, spoofing increases the negative impact of worm outbreaks because it leads to unfair accusations, miss-directed warnings, and the erroneous blacklisting of email addresses.

Simply put, spoofing as it relates to worm dissemination, works like this:

  1. Someone who has your email address stored somewhere on her or his computer, becomes infected by a worm that uses spoofing.

  2. The worm searches for email addresses on the infected computer and sends itself to them.

  3. The worm inserts one of the email addresses it finds in the "From:" field of the virus emails it sends. In other words, it may use your address in the "From:" field, which tricks unwary recipients into thinking that the virus came from your computer.

Thus, even though you may practice safe computing and have a worm free machine, you may be unfairly accused of spreading the infection. Meanwhile, the actual sender may remain unaware that his or her machine is infected.

If you are unfairly accused:

  1. First, make sure your system really is free of infection by running a full system scan with up-to-date anti-virus software.

  2. Next, reply to the accuser with an explanation of spoofing and assure him or her that your system is not infected. Try to include a link to a webpage that provides information about email worm spoofing to back up your statement.

If you receive a worm-infected email, don't immediately fire off an email that accuses the apparent sender of posting you the worm. If possible, look up information about the worm on an Anti-Virus website such as Symantec and try to determine if the worm is one that uses spoofing. You may also be able to verify the actual sender by checking the headers of the email carrying the worm. View a detailed explanation of interpreting email headers.

You can help to reduce the impact of worm outbreaks by being aware of this spoofing issue and informing others where necessary.


Virus Report: Weekly Virus Wrap-Up

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

W32.Korgo.C is another worm that uses the LSASS vulnerability present in unpatched Windows 2000, and XP systems. Unpatched systems should be updated as soon as possible.

W32.Gaobot.ALW is one of a number of Gaobot variants that spread through Windows vulnerabilities and open network shares. The worm affects Windows 2000, Windows NT and Windows XP. Again, it is very important that Internet users apply the latest updates to their computers as soon as possible.

W32.Bugbear.G@mm is a Bubear variant that collects email addresses off the infected machine and sends them using its own SMTP engine. It can also collect personal information from the infected computer and email it to the author of the worm. This worm uses spoofing.


Amazon Rainforest Email Petition

This outdated email petition is still circulating. The article I have about it on the Hoax-Slayer website has been receiving an increasing number of visitors over the last few weeks and I have had several enquires about it.

The "project" mentioned in this email petition was shelved by the Brazilian government back in May 2000. Therefore, signing and forwarding this petition is pointless.

Even if the project had been approved, it is improbable that an email petition could have any effect what so ever. These lists of names rarely get to where they are supposed to, nor are they taken in any way seriously by politicians or any one else in authority.

The best place for these email petitions is the "Deleted Items" folder of your email client. To reiterate, adding your name to this petition will do nothing to prevent the destruction of the Amazon Rainforest. Those concerned about deforestation can have much more of an impact by joining an environmental group, or perhaps even starting a real pen and paper petition that will be eventually submitted to a real politician.

The following is no joke. It was sent to me by my brother in law who is an avid and serious biologist/conservationist in Malawi. Thank you Rachel

The Brazilian congress is now voting on a project that will reduce the Amazon forest to 50% of its size. It will take 1 MINUTE to read this, but PLEASE put your names on the list and forward this on as instructed below. The area to be deforested is 4 times the size of Portugal and would be mainly used for agriculture and pastures for livestock. All the wood is to be sold to international markets in the form of wood chips, by large multinational companies. The truth is that the soil in the Amazon forest is useless without the forest itself. Its quality is very acidic and the region is prone to constant floods. At this time more than 160,000 square kilometres deforested with the same purpose are abandoned and in the process of becoming deserts, meaning that this proposal is in the short-term interests of a few, and in the long term interests of none.

Please copy the text into a 'new e-! mail' put your complete name in the list below, and send to everyone you know. (DON'T JUST FORWARD IT -- AS IT WILL THEN END UP WITHROWS AND ROWS of '>'s) If you are the 400th person to sign please send a copyto:


Thank you for your help:



Tip of the Week: Acronym Finder

These days, acronyms abound, especially within the sphere of computing and information technology.

Don't know what a certain acronym means? Enter it in the search box at the Acronym Finder site and, in most cases, it will give you one or more meanings, starting from the most common.

Acronym Finder is a good site to bookmark for easy reference.

If you use Internet Explorer, you can even add Acronym Finder to the right click menu. Once added, you can highlight an acronym on a webpage and hit the right click menu item to automatically search Acronym Finder. Very handy!

You can also submit an acronym if you find that one is not already in the Acronym Finder database.


Feedback from Readers and Site Visitors

If you receive a hoax or scam email, I would appreciate it if you would send me a copy.

The seemingly unstoppable Money from Microsoft Hoax has been a popular subject for submissions this week. There is a slightly different version of the hoax currently circulating that falsely claims the email "TOOK TWO PAGES OF THE TUESDAY USATODAY - IT IS FOR REAL".

As usual, I've received a number of submissions regarding lottery scam emails

The hoax email about stolen UPS uniforms also generated a lot of website traffic and enquires this week.

As well, the article about Camel Spiders continues to receive a large number of visitors. My site statistics suggest that camel spiders are a hot topic for online forums.


The Hoax_Slayer Newsletter is published by:
Brett M.Christensen
Queensland, Australia
All Rights Reserved
©Brett M. Christensen, 2009
Questions or Comments