LangaList Standard Edition 2001-05-31

[Guest guest]

1) The " SULFNBK " June 1st Virus Hoax

I've gotten many notes from readers who forwarded a chain letter to me

(usually along with 500 other unlucky recipients) that went something

like this:

Do you believe that a friend of mine sent me an alert and the

procedure that we have to follow for the possible infection of

SULFNBK.EXE . And I had checked, just to make sure.

An then... the file was there, hidden even of McAfee and

Norton, maybe waiting something to start work....

The original recipients of this note checked their systems and were

alarmed when they find SULFNBK.EXE there. Well, SULFNBK.EXE

file is a normal part of Windows that's used in managing long

file names (the file is usually found in in your C:\Windows\Command

folder). Antivirus routines don't detect the file because it's not a

virus. The " virus " warning is a complete hoax.

There is a worm that can arrive as an email attachment named SULFNBK.EXE,

but that has nothing to do with the current hoax. All the

major AV tools know how to handle that worm; and by now everyone should

know that you should never, ever---- EVER--- click on any email

attachment, no matter what it's named or whom it's from, without first

at least running it through an AV scanner. And in any case, the use of

the name SULFNBK.EXE is coincidental. The worm could have

been called any Windows file; there's nothing special about SULFNBK.EXE.

What's more, virus chain letters are almost always hoaxes: A good rule

of thumb is NEVER to forward any email just because it says " Urgent:

Pass this on to everyone! " or comes from a buddy. In fact, anytime you

get any email with a " pass this on to everyone! " in it, or a letter that

has been forwarded dozens of times, it's almost always (99.99999% of the

time) a hoax or scam designed solely to generate a chain letter--- that

is, to trick the gullible into perpetrating the hoax.

Don't be taken in! It only takes *literally* a minute to find out about

if any email about:

--supposed virus alerts (even if the email says they're " confirmed by

IBM, Microsoft, AOL and Oracle " or some such)

--pending legislation, including email surcharges and taxes

--sick/dying/missing children who need email or prayers

--body part theft rings

--free vacation giveaways

--free money or products from Bill Gates (or Disney or AOL or Nokia

or....) to those who forward the most emails

--foreign government workers who will pay you to let them move large

sums of money through your bank account

--or any of hundreds of similar chain letters.

These are ALL almost always pure, utter hoaxes and scams.

You can make yourself chain-letter-proof by taking literally about a

minute to check up on any claims made in chain letters. There are any

number of resources you can use, including:

Symantec Anti Virus Research Center at

http://www.symantec.com/avcenter/index.html

McAfee Associates Virus Hoax List at http://vil.mcafee.com/hoax.asp?

Department of Energy Computer Incident Advisory Capability at

http://ciac.llnl.gov/ciac/CIACHoaxes.html

Debunking online and email hoaxes: http://www.kumite.com/myths/

The Urban Legends Web Site at http://www.urbanlegends.com

Urban Legends Reference Pages at http://www.snopes.com

Datafellows Hoax Warnings at

http://www.Europe.Datafellows.com/news/hoax.htm

ALWAYS take a few seconds to verify the truth of any chain email like

this, and then tell your friends ONLY if it proves true. Otherwise,

you're not doing your friends any favors, and in fact, you're just

helping the hoaxers to waste people's time and bandwidth.

Additional resources to strengthen your BS detectors:

How To Evaluate Internet Research Sources at

http://www.virtualsalt.com/evalu8it.htm

How To Evaluate Information Sources at

http://www.vuw.ac.nz/~agsmith/evaln/evaln.htm