23 Nov 1999
|
What is a hoax? |
|
How do hoaxes cost money? |
|
How to prevent hoaxes from spreading in your company |
|
Keep yourself informed |
The Sophos help desk receives more calls about virus hoaxes than any individual real virus. Virus hoaxes are false reports about non-existent viruses, often claiming to do impossible things. Unfortunately some recipients occasionally believe a hoax to be a true virus warning and may take drastic action (such as shutting down their network).
Typically, hoaxes are emails which describe a dangerous new undetectable virus, usually using bogus technical terms. Hoaxes often ask you to avoid reading or downloading emails that have a particular subject line. Examples include Budweiser Frogs, It Takes Guts to Say Jesus, and Join the Crew.
For instance, the Good Times hoax claims to put your computer's CPU in "an nth-complexity infinite binary loop which can severely damage the processor". The hoax warns you not to read or download anything with the subject "Good Times" because the message is a virus. It then urges you to forward the warning to as many people as possible.
The amount of email that a typical hoax can generate is also a cost to organisations. Once a few people in your company have received a warning and mailed it to all their friends and colleagues, a mail overload can easily result.
Here is an example policy you could use:
"You shall not forward any virus warnings of any kind to *anyone* other than <insert name of the department or staff member who looks after anti-virus issues>. It doesn't matter if the virus warnings have come from an anti-virus vendor or been confirmed by any large computer company or your best friend. *All* virus warnings should be sent to <insert name>, and <insert name> alone. It is <insert name>'s job to send round all virus warnings, and a virus warning which comes from any other source should be ignored."