Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 37 - Hoax-Slayer Newsletter

Issue 37: 9th September, 2004

This week in Hoax-Slayer:
Hands of God Email

An email accompanied by a picture apparently depicting the hands of God in the clouds is currently circulating. The email claims that the photograph was taken after Hurricane Charley hit the US state of Florida. However, the photograph has clearly been altered to include the "hands" in the clouds. Also, the image was circulating around the Internet well before Hurricane Charley occurred.

Who created the original picture and in what context it first appeared is difficult to determine. If you have seen the picture in another setting or can shed some light on its origin please let me know.

Although it is not hard to identify the photograph as a fake, it still makes for an interesting image.

Close up of Hands of God Image

A close up of part of the image makes the manipulation clearly apparent.

Fw: The Hands of God - Awesome picture

Got this today! Please pass it on...

A friend of mine sent this photo of a cloud formation in the aftermath of Hurricane Charley. I think it is awesome and needed to be passed on. I truly hope that all of you will be able to view it.

Hands of God Image

Discuss This Story


Phisher Scammers Continue to Target Major Institutions

As usual, the phisher scammers have been busy. I have recently received scam emails that target MSN, Citizens Bank, Citibank and the US Bank although I do not hold an account with any of these institutions. Other current scam emails target ANZ, Westpac, Suntrust, Paypal and eBay. These fraudulent emails arrive in HTML format and are adorned with logos, colours and copyright notices closely resembling those used by the targeted institution.

The emails use a variety of excuses to trick potential victims into clicking on links provided. These links lead to fraudulent web pages that are cleverly designed to mimic the legitimate website of the targeted institution. Visitors to these bogus websites are asked to submit financially sensitive information such as passwords and account numbers. Information provided is sent directly to the criminals behind the scam and will likely be used to commit fraud and/or steal the victim's identity.

HTML examples of recent phisher scam emails can be viewed via the links below:

Citizens Bank
US Bank

It is highly unlikely that any legitimate institution would request financially sensitive information via email. If you receive such a request, do not reply and do not click on any links provided. Contact the institution directly if you have the slightest doubt regarding the veracity of a message. You should also check the institution's real website, as information about current phisher scams is often provided.

Read more about phisher scams.

Discuss This Story


Internet Worm SMTP Engines Explained

It is very common to encounter a phrase such as "uses its own SMTP engine" when reading virus descriptions. I often use such a phrase when discussing Internet worms in the Hoax-Slayer Newsletter. Reader feedback indicates that the meaning of "uses its own SMTP engine" may be somewhat obscure to many computer users, so I've put together the following brief explanation.

"SMTP" stands for Simple Mail Transfer Protocol. A "protocol" as it relates to the computing field, is a formal set of rules that describe how to transmit data. As the name suggests, SMTP is a protocol for transferring e-mail messages and is used legitimately and effectively (along with other protocols) by email programs such as Outlook Express, Pegasus Mail and others. SMTP is quite old by Internet standards but is still relatively efficient and easy to implement. These qualities make it a valuable tool for virus writers intent on wreaking maximum havoc. Many modern Internet worms have SMTP engines built directly into their code and can bypass existing email programs completely. Basically, such a worm comes loaded with everything it needs to establish a connection with a mail server and send itself to any email addresses it has harvested from the infected computer. Since the worm does not use an existing email application, the operator of the infected computer might not even be aware that a worm is propagating itself.

The above is a very simple overview of a quite complex subject area. You can read a much more thorough treatment of the subject via the link below:

With viruses and worms continually increasing in complexity, it is more important than ever to maintain a secure computing environment.

Discuss This Story


Virus Report: Weekly Virus Wrap-Up

For more information on current virus threats visit Symantec Security Response

Another variant of the Bugbear worm, W32.Bugbear.M@mm is currently active. The worm searches specified files on the infected computer and sends itself to them using its own SMTP engine. The Subject line of the infected email starts with "Re:" and the name of the attachment varies.

W32.Mydoom.R@mm also uses its own SMTP engine to send itself to email addresses found on the infected computer. The "From:" field of the infected email is spoofed. The attachment will have a .bat, .cmd, .exe, .pif, .scr, or .zip extension.

W32.Blackmal.C@mm is a worm that can delete files associated with some security software. It sends itself to email addresses that it finds in Yahoo Pager and MSN messenger address books and other files on the infected computer. This worm also uses its own SMTP engine to spread. The subject line of the infected email will be one of the following:

For all
Please reactive now.
Please reactive now
Thank you
please reactive
Discuss This Story


HIV Needle Hoax Still Circulating

Many versions of this hoax have circulated over the last few years. All are equally false. The first example below is a French version and involves HIV needles on theatre seats. A similar Australian version has also been circulating during 2004.

Around October 2003, another version of the hoax was finding its way into Canadian inboxes. This version claims that hypodermic needles have been attached to gas pump handles and that people have tested HIV positive as a result of being pricked by the needles. The Canadian version is very similar to the original US version (reproduced below), which began hitting inboxes in 2000.

An even earlier version of the hoax claimed that drug users were disposing of needles in the coin slots of payphones, thereby infecting innocent phone users.

Occasionally, syringes are found in places where they could cause injury to unsuspecting members of the public, including a case where an insulin needle was left in a pay phone coin return. However, there is no evidence that the callous and deliberate terror campaign outlined in these hoax emails has ever occurred.

The Center for Disease Control has information about these hoaxes on its website.

French Version:
What lies behind us and what lies ahead of us are tiny matters compared to what lies within us". This happened in Paris. A few weeks ago, in a movie theatre, a person sat on something poking on one of the seats. When she got up to see what it was, she found a needle sticking out of the seat with a note attached saying: "You have just been infected by HIV". The Disease Control Centre (in Paris) reports many similar events in many other cities recently. All tested needles are HIV Positive. The Centre also reports that needles have been found in the cash dispensers at public Banking Machines. We ask everyone to use extreme caution when faced with this kind of situation. All public chairs/seats should be inspected with vigilance and caution before use. A careful visual inspection should be enough. In addition, they ask that each of you pass this message along to all members of your family and your friends of the potential danger. Recently, one doctor has narrated somewhat a similar instance happened at the Priya Cinema in Delhi to one of his patients. A Young Girl engaged and about to be married in a couple of months was pricked while the movie was going on. The tag with the needle had the message "Welcome to the World of HIV+ family". Though the doctors told her family that it takes about 6 months before the virus grow > strong enough to start damaging your system and a healthy victim could survive about 5-6 years. The girl died in 4 months, perhaps more because of the "Shock thought". We all have to be careful at public places, rest God help!

Original US Version:
My name is Captain Abraham Sands of the Jacksonville, Florida Police Department. I have been asked by state and local authorities to write this email in order to get the word out to car drivers of a very dangerous prank that is occurring in numerous states.

Some person or persons have been affixing hypodermic needles to the underside of gas pump handles. These needles appear to be infected with HIV positive blood. In the Jacksonville area alone there have been 17 cases of people being stuck by these needles over the past five months. We have verified reports of at least 12 others in various states around the country.

It is believed that these may be copycat incidents due to someone reading about the crimes or seeing them reported on the television. At this point no one has been arrested and catching the perpetrator(s) has become our top priority.

Shockingly, of the 17 people who where stuck, eight have tested HIV positive and because of the nature of the disease, the others could test positive in a couple years.

Evidently the consumers go to fill their car with gas, and when picking up the pump handle get stuck with the infected needle. IT IS IMPERATIVE TO CAREFULLY CHECK THE HANDLE of the gas pump each time you use one. LOOK AT EVERY SURFACE YOUR HAND MAY TOUCH, INCLUDING UNDER THE HANDLE.

If you do find a needle affixed to one, immediately contact your local police department so they can collect the evidence.


Discuss This Story


Tip of the Week: Start a Blog!

If you have something to say and would like to share it with the world quickly and easily, then blogging could be just the ticket.

There are plenty of free blogging related services around, but the one I'm currently using is Blogger. If you are not familiar with the heady world of blogging the following might give you a heads up. A blog is a website that can be very easily updated and modified whenever you feel like it. The beauty of a blog like the ones available at is that you do not need extensive web-development skills to use them. If you have a basic knowledge of computers and the Internet, then you could be happily blogging for free within the hour (grin).

A blog is a personal diary. A daily pulpit. A collaborative space. A political soapbox. A breaking-news outlet. A collection of links. Your own private thoughts. Memos to the world.

Your blog is whatever you want it to be. There are millions of them, in all shapes and sizes, and there are no real rules.

I have a Freeware Reviews blog that you might like to check out.


The Hoax_Slayer Newsletter is published by:
Brett M.Christensen
Queensland, Australia
All Rights Reserved
©Brett M. Christensen, 2008
Questions or Comments