What is a virus hoax and how can you spot one?
Posted on February 20, 2019 By Dennis
Virus hoaxes are fraudulent notifications about viruses. People generally receive them in their email inbox, through a company’s internal network, or even over social media.
They are a lot like the chain letters you get from your aunt, telling you that you will have five years of bad luck unless you forward the message to all of your contacts. Just like the letters from your aunt, nothing happens if you ignore them.
Virus hoaxes are generally harmless. Most of them simply annoy their recipients, or waste the time of those who send them onward. The motives behind these hoaxes vary, but they generally seem to be sent for the amusement of the author, to see just how gullible people are and how far they can make the message spread.
Some virus hoaxes are a little more sinister. Instead of just frightening the recipient and urging them to forward the message, they may also encourage them to take some action that will damage or compromise the security of their computer to get rid of the “virus”.
These include commands to delete System32, jdbgmgr.exe or SULFNBK.EXE. Each of these commands can have negative effects. Deleting the System32 folder, for example, can only be fixed by reinstalling Windows. While these virus hoaxes still don’t involve any malware, they can end up causing problems that are just as significant.
How to identify whether you received a virus hoax or a real virus
Virus hoaxes tend to share a similar style, including outrageous, exceptional or even impossible claims. They might tell you that your computer will explode, your hard drive will be erased, or that all of your accounts have been taken over.
Often, they include details that don’t make any sense from a technological perspective, but they tend to take advantage of internet users who aren’t particularly tech savvy. They are usually accompanied by appeals to urgency, to “act now or the problem will get much worse”. Instilling a sense of urgency gets users to act quickly and forward the email before they get a chance to think or be skeptical about the claims.
There can also be an element of feigned authority to add to the pressure that a recipient feels. The message may claim that Microsoft or McAfee has issued a warning about the virus, or that it was originally published by a reputable news source like the New York Times. These techniques help to throw weight behind the claims made in the message.
As an example, the Olympic Torch Virus Hoax included the following lines:
“This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.”
One of the main features of virus hoaxes is that they will ask you to send the message onward to your contacts. Hoaxes may demand that you forward them, tell you that it is the only way you can fix the problem, or appeal to your decency and urge you to do it to protect your friends and colleagues. Using such forceful language helps to spread these virus hoaxes much further.
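The traits described in this section can be checked mechanically before a reported message is looked up in a hoax repository. The following is an added example, not part of the original article: the regular expressions, the queue labels and the two constructed sample messages are assumptions made for illustration, and a match is a prompt to verify the message, not proof that it is a hoax.

```python
import re

# Illustrative patterns for the traits described above (assumptions, not a full signature set).
INDICATORS = {
    "feigned_authority": re.compile(
        r"\b(announced|classified|discovered|confirmed|issued)\s+by\s+"
        r"(cnn|microsoft|mcafee|symantec|sophos)\b", re.I),
    "extreme_claim": re.compile(
        r"\b(worst|most destructive)\s+virus\b|\bno\s+(repair|cure|fix)\b", re.I),
    "urgency": re.compile(
        r"\b(act now|immediately|urgent(ly)?|as soon as possible)\b", re.I),
    "forward_request": re.compile(
        r"\b(forward|send|pass)\s+(this|it)\b.{0,40}"
        r"\b(everyone|contacts|friends|address book)\b", re.I | re.S),
    "destructive_instruction": re.compile(
        r"\b(delete|remove|erase)\b.{0,60}"
        r"\b(system32|jdbgmgr\.exe|sulfnbk\.exe)\b", re.I | re.S),
}

# Excerpt of the Olympic Torch hoax as quoted on this page.
OLYMPIC_TORCH_EXCERPT = (
    "This is the worst virus announced by CNN, it has been classified by "
    "Microsoft as the most destructive virus ever. This virus was discovered "
    "by McAfee yesterday, and there is no repair yet for this kind of virus.")
# Constructed samples, written for this example only.
CONSTRUCTED_DELETE_HOAX = (
    "URGENT: a virus hides in jdbgmgr.exe. Delete the file jdbgmgr.exe "
    "immediately, then forward this to everyone in your address book.")
CONSTRUCTED_IT_NOTICE = "Updates will be installed tonight; please save your work."

def find_indicators(message):
    """Return {indicator: matched text} for each hoax trait present."""
    hits = ((name, pat.search(message)) for name, pat in INDICATORS.items())
    return {name: " ".join(m.group(0).split()) for name, m in hits if m}

def triage(message):
    """Map indicator hits to a queue label for the IT help desk."""
    found = find_indicators(message)
    if "destructive_instruction" in found:
        return "escalate"        # tells the reader to delete system files
    if len(found) >= 2:
        return "likely-hoax"     # confirm against a hoax repository
    return "no-hoax-markers"

if __name__ == "__main__":
    for text in (OLYMPIC_TORCH_EXCERPT, CONSTRUCTED_DELETE_HOAX,
                 CONSTRUCTED_IT_NOTICE):
        print(triage(text), sorted(find_indicators(text)))
```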
Famous virus hoaxes
There have been thousands of virus hoaxes that try to manipulate their recipients into forwarding the message. They seem to have become popular in the nineties, and have carried on ever since. Although they were originally restricted to email and internal company systems, new technology has seen them appear on social media and other sources.
Some of the more famous virus hoaxes include:
As mentioned above, the System32 hoax can cause significant damage to your PC. Over the years, it has circulated through a number of different channels, but the common thread is that they will all urge you to delete System32. This is a critical folder in Windows. Once you have deleted it, the only solution is to reinstall Windows. Anything that hasn’t been backed up will be lost.
The jdbgmgr.exe hoax is another harmful one. It was first seen in the early 2000s and tried to make its recipients delete the jdbgmgr.exe file in Windows. The file contains the Debugger Registrar for Java. Deleting it only affects Java developers who relied on Microsoft Visual J++ v1.1, since the file does not impact other programs.
Martinelli WhatsApp hoax
This hoax originally spread in 2017 in Spanish, but has since made its way into the English speaking world. The Martinelli message claims that WhatsApp will be releasing a video called Martinelli on the following day. If users open the video, it will “hack their phone and nothing will fix it.” Of course, the video isn’t real, and it’s just another message that spread with the power of people’s fears.
In 2018, a significant number of Facebook users fell for a similar hoax. It was spread through private messages over the platform. Recipients would receive a message from a contact who claimed that they had received “…another friend request from you, which I ignored, so you may want to check your account.”
It went on to instruct the recipient to forward the message to all of their contacts. It seems to have played on people’s fears that their Facebook accounts had been “cloned”, which is an attack where hackers copy someone’s details and use them to create a new account. They then add all of the target’s friends on this new account, which appears to be the same.
Cloning is generally used for phishing or to spread malware, because people are far more likely to divulge information to someone that they think is their friend, rather than a random person on the internet. While this is a real threat, 2018’s hoax had nothing to do with it. It was simply a message that went viral, scaring people into forwarding it to their friends.
Technically, this Facebook message wasn’t a virus hoax, because it didn’t contain any mention of a virus. Despite this, it’s still similar in a lot of ways. These include how the message was worded, and the fact that it spread through fear of online attacks, even though nothing had actually taken place.
How to tell if it’s a real virus or a virus hoax
If you receive a message about a virus and you aren’t sure whether or not it’s a hoax, you can look for a few clues. As we noted earlier, virus hoaxes tend to make pretty bold claims that might not have any basis in reality, and they tend to urge you to act as soon as possible to send the message onward.
If the message ticks these boxes, your suspicions might be correct. To confirm whether or not it is a hoax, you should visit one of the online hoax repositories. McAfee, Symantec, Sophos and others have comprehensive lists of virus hoaxes that you can search through.
You can look through their collections for something that matches the subject line or key details of the message you received. If it fails to show up, try Googling the key terms to see if you can find anything. Unless you are patient zero, information should come up which tells you if it is a real virus, or just a hoax.
If the virus hoax makes any claims from a big tech company or a reputable news source, these will be easy to verify. If the message says that it’s “the worst attack Symantec has ever seen”, or that CNN broke the story, you will be able to find out whether it is legitimate by searching for the keywords alongside the company’s name.
What should you do if you receive a virus hoax?
If you receive a potential virus hoax, be calm and don’t make any rash decisions. Don’t immediately send it on out of fear, or because you think it’s better to be safe than sorry. It’s important to be cautious in your approach, but taking a couple more minutes to collect information won’t make the situation worse.
The first step is to determine whether or not it is a hoax. If you receive the message at work, just refer it to the IT department and let them take care of it. If not, look for those telltale signs that we mentioned earlier, and browse through the hoax repositories that we linked above.
If it turns out to be a virus, seek out information from reputable websites on how to deal with it. If that’s out of your reach, your best option will be to call in an IT specialist. If the message turns out to be a hoax, then life is easy. All you have to do is forget about it. You can delete it if you want, but it doesn’t really matter.
The most important thing is that you do not spread the false information further by forwarding the message. Sending the message onward will only scare the recipients who can’t tell that it’s a hoax, and annoy everyone else.
It’s best to also advise whoever sent the message that it was a hoax. This can help to stop it from spreading further. It may be best to link information from one of the repositories mentioned above, because some people may need some evidence to convince them.
What can companies do to prevent virus hoaxes from spreading among their employees?
At an organizational level, the best solution is to put a strict policy in place. It should specify that if employees ever receive notifications about a virus, they should send it to the IT department, whether the notification seems to be fraudulent or not.
The policy should prevent them from forwarding the messages to their colleagues, specifying that once they have sent the message through, it is the IT department’s responsibility to address the situation.
This type of policy takes the decision out of the hands of employees, who often don’t have the technological knowledge to determine the veracity of these threats for themselves. If the message turns out to be about a real virus, the IT department can take the appropriate actions, which may or may not include notifying the rest of the workforce.
If the message turns out to be a hoax, then this policy should put a stop to its spread within the company. If everyone who receives it sends it only to the IT department, it will prevent the virus hoax from becoming a workplace contagion.
While most virus hoaxes aren’t dangerous, they do take up people’s time and can cause them to act irrationally. You can help put a stop to them by being informed, taking the time to check them out and making sure that you don’t forward these hoaxes to your contacts.