E-mail virus hoax makes users do the dirty work
In the latest perverse trickery pulled off by someone taking pleasure in computer users' pain, a fake virus warning is circulating by e-mail asking people to delete an innocuous and uninfected executable Microsoft Corp. Windows file and then to pass the warning on to others.
The warning tells users to delete the sulfnbk.exe file, a utility used to restore long file names. The file isn't usually infected, and running a virus check on it will prove fruitless ... which just adds to the hoax's credibility. The message warns people that it's a virus undetectable by antivirus software. Diligent users who search for the file and find it may presume the warning was accurate and delete it.
Standard antivirus screens will not detect the warning e-mail itself, because it too is not a virus. But if users comply with the message, by deleting the file and forwarding the e-mail to others, the effect is similar.
The message begins, "FOLLOW THE INSTRUCTIONS, I HAD IT!!!!!...," according to Avert Labs, the anti-virus response division of anti-virus firm McAfee, which itself is a division of Network Associates Inc. "I received this message from a friend and today it is true. I searched for the file following the next instruction and I found it, I had it without knowing," the warning continues, providing instructions for finding and deleting the file.
"We actually received this one two weeks ago, in Portuguese," said Joe Hartmann, director of North American virus research for Avert. "A couple of days ago we received a version in English with some more text, adding a date to it, June 1."
An earlier, real threat -- the Magistr worm -- infected the sulfnbk.exe file, adding to user confusion. This e-mail hoax is unrelated to the earlier worm, which can be detected and destroyed by updated antivirus software.
Instructions for restoring the deleted file may be found at http://vil.mcafee.com/dispVirus.asp?virus_k=99084&/.
» posted by ITworld staff
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
