Issue 37 - Hoax-Slayer Newsletter
Issue 37: 9th September, 2004
This week in Hoax-Slayer:
Hands of God Email
An email accompanied by a picture apparently depicting the hands
of God in the clouds is currently circulating. The email claims
that the photograph was taken after Hurricane Charley hit the US
state of Florida. However, the photograph has clearly been
altered to include the "hands" in the clouds. Also, the image
was circulating around the Internet well before Hurricane Charley
Who created the original picture and in what context it first
appeared is difficult to determine. If you have seen the
picture in another setting or can shed some light on its origin
please let me know
Although it is not hard to identify the photograph as a fake,
it still makes for an interesting image.
A close up of part of the image makes the manipulation clearly apparent.
Discuss This Story
Fw: The Hands of God - Awesome picture
Got this today! Please pass it on...
A friend of mine sent this photo of a cloud formation in the
aftermath of Hurricane Charley. I think it is awesome and needed
to be passed on. I truly hope that all of you will be able to view it.
Phisher Scammers Continue to Target Major Institutions
As usual, the phisher scammers have been busy. I have recently
received scam emails that target MSN, Citizens Bank, Citibank and
the US Bank although I do not hold an account with any of these
institutions. Other current scam emails target ANZ, Westpac,
Suntrust, Paypal and eBay. These fraudulent emails arrive in
HTML format and are adorned with logos, colours and copyright
notices closely resembling those used by the targeted
The emails use a variety of excuses to trick potential victims
into clicking on links provided. These links lead to fraudulent
web pages that are cleverly designed to mimic the legitimate
website of the targeted institution. Visitors to these bogus
websites are asked to submit financially sensitive information
such as passwords and account numbers. Information provided is
sent directly to the criminals behind the scam and will likely
be used to commit fraud and/or steal the victim's identity.
HTML examples of recent phisher scam emails can be viewed via
the links below:
It is highly unlikely that any legitimate institution would
request financially sensitive information via email. If you
receive such a request, do not reply and do not click on any
links provided. Contact the institution directly if you have
the slightest doubt regarding the veracity of a message. You
should also check the institution's real website, as
information about current phisher scams is often provided.
Read more about phisher scams
Discuss This Story
Internet Worm SMTP Engines Explained
It is very common to encounter a phrase such as "uses its own SMTP engine" when reading virus descriptions. I often use such a phrase when discussing Internet worms in the Hoax-Slayer Newsletter. Reader feedback indicates that the meaning of "uses its own SMTP engine" may be somewhat obscure to many computer users, so I've put together the following brief explanation.
"SMTP" stands for Simple Mail Transfer Protocol. A "protocol" as it relates to the computing field, is a formal set of rules that describe how to transmit data. As the name suggests, SMTP is a protocol for transferring e-mail messages and is used legitimately and effectively (along with other protocols) by email programs such as Outlook Express, Pegasus Mail
and others. SMTP is quite old by Internet standards but is still relatively efficient and easy to implement. These qualities make it a valuable tool for virus writers intent on wreaking maximum havoc. Many modern Internet worms have SMTP engines built directly into their code and can bypass existing email programs completely. Basically, such a worm comes loaded with everything it needs to establish a connection with a mail server and send itself to any email addresses it has harvested from the infected computer. Since the worm does not use an existing email application, the operator of the infected computer might not even be aware that a worm is propagating itself.
The above is a very simple overview of a quite complex subject area. You can read a much more thorough treatment of the subject via the link below:RFC 821 SIMPLE MAIL TRANSFER PROTOCOL
With viruses and worms continually increasing in complexity, it is more important than ever to maintain a
secure computing environment
Discuss This Story
Virus Report: Weekly Virus Wrap-Up
For more information on current virus threats visit Symantec Security Response
Another variant of the Bugbear worm, W32.Bugbear.M@mm
active. The worm searches specified files on the infected computer
and sends itself to them using its own SMTP engine. The Subject
line of the infected email starts with "Re:" and the name of the
also uses its own SMTP engine to send itself to
email addresses found on the infected computer. The "From:" field
of the infected email is spoofed. The attachment will have a
.bat, .cmd, .exe, .pif, .scr, or .zip extension.
is a worm that can delete files associated
with some security software. It sends itself to email addresses
that it finds in Yahoo Pager and MSN messenger address books and
other files on the infected computer. This worm also uses its
own SMTP engine to spread. The subject line of the infected
email will be one of the following:
Please reactive now.
Please reactive now
Discuss This Story
HIV Needle Hoax Still Circulating
Many versions of this hoax have circulated over the last few
years. All are equally false. The first example below is a
French version and involves HIV needles on theatre seats. A
similar Australian version has also been circulating during 2004.
Around October 2003, another version of the hoax was finding its
way into Canadian inboxes. This version claims that hypodermic
needles have been attached to gas pump handles and that people
have tested HIV positive as a result of being pricked by the
needles. The Canadian version is very similar to the original
US version (reproduced below), which began hitting inboxes in
An even earlier version of the hoax claimed that drug users were
disposing of needles in the coin slots of payphones, thereby
infecting innocent phone users.
Occasionally, syringes are
found in places where they could
cause injury to unsuspecting members of the public, including a
case where an insulin needle was left in a pay phone coin return.
However, there is no evidence that the callous and deliberate
terror campaign outlined in these hoax emails has ever occurred.
The Center for Disease Control has information
about these hoaxes on its website.
What lies behind us and what lies ahead of us are tiny matters
compared to what lies within us". This happened in Paris. A
few weeks ago, in a movie theatre, a person sat on something
poking on one of the seats. When she got up to see what it was,
she found a needle sticking out of the seat with a note
attached saying: "You have just been infected by HIV". The
Disease Control Centre (in Paris) reports many similar events
in many other cities recently. All tested needles are HIV
Positive. The Centre also reports that needles have been found
in the cash dispensers at public Banking Machines. We ask
everyone to use extreme caution when faced with this kind of
situation. All public chairs/seats should be inspected with
vigilance and caution before use. A careful visual inspection
should be enough. In addition, they ask that each of you pass
this message along to all members of your family and your
friends of the potential danger. Recently, one doctor has
narrated somewhat a similar instance happened at the Priya
Cinema in Delhi to one of his patients. A Young Girl engaged
and about to be married in a couple of months was pricked while
the movie was going on. The tag with the needle had the message
"Welcome to the World of HIV+ family". Though the doctors told
her family that it takes about 6 months before the virus grow
> strong enough to start damaging your system and a healthy
victim could survive about 5-6 years. The girl died in 4
months, perhaps more because of the "Shock thought". We all
have to be careful at public places, rest God help!
Original US Version:
My name is Captain Abraham Sands of the Jacksonville, Florida
Police Department. I have been asked by state and local authorities
to write this email in order to get the word out to car drivers of
a very dangerous prank that is occurring in numerous states.
Discuss This Story
Some person or persons have been affixing hypodermic needles to the
underside of gas pump handles. These needles appear to be infected
with HIV positive blood. In the Jacksonville area alone there have
been 17 cases of people being stuck by these needles over the past
five months. We have verified reports of at least 12 others in
various states around the country.
It is believed that these may be copycat incidents due to someone
reading about the crimes or seeing them reported on the television.
At this point no one has been arrested and catching the
perpetrator(s) has become our top priority.
Shockingly, of the 17 people who where stuck, eight have tested HIV
positive and because of the nature of the disease, the others could
test positive in a couple years.
Evidently the consumers go to fill their car with gas, and when
picking up the pump handle get stuck with the infected needle. IT
IS IMPERATIVE TO CAREFULLY CHECK THE HANDLE of the gas pump each
time you use one. LOOK AT EVERY SURFACE YOUR HAND MAY TOUCH,
INCLUDING UNDER THE HANDLE.
If you do find a needle affixed to one, immediately contact your
local police department so they can collect the evidence.
PLEASE HELP US BY MAINTAINING A VIGILANCE AND BY FORWARDING THIS
EMAIL TO ANYONE YOU KNOW WHO DRIVES. THE MORE PEOPLE WHO KNOW OF
THIS THE BETTER PROTECTED WE CAN ALL BE.
Tip of the Week: Start a Blog!
If you have something to say and would like to share it with the
world quickly and easily, then blogging could be just the ticket.
There are plenty of free blogging related services around, but
the one I'm currently using is Blogger
If you are not familiar with the heady world of blogging the
following might give you a heads up. A blog is a website that
can be very easily updated and modified whenever you feel like
it. The beauty of a blog like the ones available at Blogger.com
is that you do not need extensive web-development skills to use
them. If you have a basic knowledge of computers and the
Internet, then you could be happily blogging for free within the
A blog is a personal diary. A daily pulpit. A collaborative
space. A political soapbox. A breaking-news outlet. A collection
of links. Your own private thoughts. Memos to the world.
Your blog is whatever you want it to be. There are millions of
them, in all shapes and sizes, and there are no real rules.
I have a Freeware Reviews
blog that you might like to check out.
The Hoax_Slayer Newsletter is published by:
All Rights Reserved
©Brett M. Christensen, 2008
Questions or Comments