US-CERT Cyber Security Tip ST04-009 -- Identifying Hoaxes and UrbanLegends

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cyber Security Tip ST04-009
Identifying Hoaxes and Urban Legends

Chain letters are familiar to anyone with an email account, whether
they are
sent by strangers or well-intentioned friends or family members. Try to
verify the information before following any instructions or passing the
message along.

Why are chain letters a problem?

The most serious problem is from chain letters that mask viruses or other
malicious activity. But even the ones that seem harmless may have
negative
repercussions if you forward them:
* they consume bandwidth or space within the recipient's inbox
* you force people you know to waste time sifting through the
messages and
possibly taking time to verify the information
* you are spreading hype and, often, unnecessary fear and paranoia

What are some types of chain letters?

There are two main types of chain letters:
* Hoaxes - Hoaxes attempt to trick or defraud users. A hoax could be
malicious, instructing users to delete a file necessary to the
operating
system by claiming it is a virus. It could also be a scam that
convinces
users to send money or personal information. Phishing attacks
could fall
into this category (see Avoiding Social Engineering and Phishing
Attacks
for more information).
* Urban legends - Urban legends are designed to be redistributed and
usually warn users of a threat or claim to be notifying them of
important or urgent information. Another common form are the
emails that
promise users monetary rewards for forwarding the message or suggest
that they are signing something that will be submitted to a
particular
group. Urban legends usually have no negative effect aside from
wasted
bandwidth and time.

How can you tell if the email is a hoax or urban legend?

Some messages are more suspicious than others, but be especially
cautious if
the message has any of the characteristics listed below. These
characteristics are just guidelines�not every hoax or urban legend
has these
attributes, and some legitimate messages may have some of these
characteristics:
* it suggests tragic consequences for not performing some action
* it promises money or gift certificates for performing some action
* it offers instructions or attachments claiming to protect you from a
virus that is undetected by anti-virus software
* it claims it's not a hoax
* there are multiple spelling or grammatical errors, or the logic is
contradictory
* there is a statement urging you to forward the message
* it has already been forwarded multiple times (evident from the
trail of
email headers in the body of the message)

If you want to check the validity of an email, there are some
websites that
provide information about hoaxes and urban legends:
* Urban Legends and Folklore - http://urbanlegends.about.com/
* Urban Legends Reference Pages - http://www.snopes.com/
* TruthOrFiction.com - http://www.truthorfiction.com/
* Symantec Security Response Hoaxes -
http://www.symantec.com/avcenter/hoax.html
* McAfee Security Virus Hoaxes - http://vil.mcafee.com/hoax.asp
__________________________________________________ _______________

Authors: Mindi McDowell, Allen Householder
__________________________________________________ _______________

Produced 2004 by US-CERT, a government organization.

Last updated August 25, 2009.

Note: This tip was previously published and is being re-distributed
to increase awareness.

Terms of use

http//www.us-cert.gov/legal.html

This document can also be found at

http//www.us-cert.gov/cas/tips/ST04-009.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit
http://www.us-cert.gov/cas/signup.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSpVpG3IHljM+H4irAQJi6ggAqgPzvqJ+Rx7r3UpZEy qdVVyOS0GJ8N1Q
EDUljmu3xJKD7N6E+k0FQ59gs72BnMuk10VDEiSg1siR8ElVxg YmIpd1m0CFYx8Q
aLEFGZvoJ8IiSYUtiGVAFEGPkfYygIB2Ql5JmzYW8dokuK/7+UT8uFAXoeBTs9JZ
nPYPWMgjvA5IlsimDyAPeprNIsycw06qEgUjJJO/bm/1fRq1LD+l3LYL3AKhrZUo
XtjZJDkG2i6m9c20ApnMotfMKJ2/6xFpiUwHRp1JqgqmXSA7LIDd6pygMmYiZTHQ
0p7rUEcKMaZ9AdBpEL2jB/AE0O5lO9K/0O26r4rqgc/Eh2A06b/xoQ==
=EYAk
-----END PGP SIGNATURE-----

MEB wrote:


Cyber Security Tip ST04-009
Identifying Hoaxes and Urban Legends

Urban legends usually have no negative effect aside from
wasted bandwidth and time.


As usual, MEB's post was a waste of time and bandwidth.

Off-topic for Windows 98.

Why don't you post this in one of these microsoft groups:

microsoft.public.security.virus
microsoft.public.security.homeusers
microsoft.public.windowsxp.general

Why do you insist on posting these off-topic CERT publications here?

If you're truly genuine and want to alert the world of these threats,
why don't you do it in a more applicable forum, and one that reaches
more people?

The truth is that your security warnings are fit only for posting to
this newsgroup:

microsoft.public.mom.security

Why don't you go and hang out with moms? At least you can impress that
crowd with your fake knowledge and gonzo-legal speak.

MEB wrote:


Cyber Security Tip ST04-009
Identifying Hoaxes and Urban Legends

Urban legends usually have no negative effect aside from
wasted bandwidth and time.


As usual, MEB's post was a waste of time and bandwidth.

Off-topic for Windows 98.

Why don't you post this in one of these microsoft groups:

microsoft.public.security.virus
microsoft.public.security.homeusers
microsoft.public.windowsxp.general

Why do you insist on posting these off-topic CERT publications here?

If you're truly genuine and want to alert the world of these threats,
why don't you do it in a more applicable forum, and one that reaches
more people?

The truth is that your security warnings are fit only for posting to
this newsgroup:

microsoft.public.mom.security

Why don't you go and hang out with moms? At least you can impress that
crowd with your fake knowledge and gonzo-legal speak.

98 Guy wrote:
MEB wrote:

Cyber Security Tip ST04-009
Identifying Hoaxes and Urban Legends

Urban legends usually have no negative effect aside from
wasted bandwidth and time.


As usual, MEB's post was a waste of time and bandwidth.

Off-topic for Windows 98.

Why don't you post this in one of these microsoft groups:

microsoft.public.security.virus
microsoft.public.security.homeusers
microsoft.public.windowsxp.general

Why do you insist on posting these off-topic CERT publications here?

If you're truly genuine and want to alert the world of these threats,
why don't you do it in a more applicable forum, and one that reaches
more people?

The truth is that your security warnings are fit only for posting to
this newsgroup:

microsoft.public.mom.security

Why don't you go and hang out with moms? At least you can impress that
crowd with your fake knowledge and gonzo-legal speak.

Really, so, according to you, 9X users no longer receive email,,, yeah,
you continually show how *dim a bulb* you really are...

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

98 Guy wrote:
MEB wrote:

Cyber Security Tip ST04-009
Identifying Hoaxes and Urban Legends

Urban legends usually have no negative effect aside from
wasted bandwidth and time.


As usual, MEB's post was a waste of time and bandwidth.

Off-topic for Windows 98.

Why don't you post this in one of these microsoft groups:

microsoft.public.security.virus
microsoft.public.security.homeusers
microsoft.public.windowsxp.general

Why do you insist on posting these off-topic CERT publications here?

If you're truly genuine and want to alert the world of these threats,
why don't you do it in a more applicable forum, and one that reaches
more people?

The truth is that your security warnings are fit only for posting to
this newsgroup:

microsoft.public.mom.security

Why don't you go and hang out with moms? At least you can impress that
crowd with your fake knowledge and gonzo-legal speak.

Really, so, according to you, 9X users no longer receive email,,, yeah,
you continually show how *dim a bulb* you really are...

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

MEB wrote:

The truth is that your security warnings are fit only for posting
to this newsgroup:

microsoft.public.mom.security

Really, so, according to you, 9X users no longer receive email,,,
yeah, you continually show how *dim a bulb* you really are...

Win 9x users also drive cars. Does that mean I should post auto recall
notices here too?

You are the dim bulb.

There are newsgroups (yes, even microsoft newsgroups) that pertain to
security. Why would it not be more appropriate to post those CERT
warnings there?

You should post them there, and then advocate that win-9x users also
read those security groups. Why don't you do that?

Why do you care only about win-9x users? Don't you want XP users to
also know about those CERT warnings? Why don't you also post them to
the XP-related groups?

MEB wrote:

The truth is that your security warnings are fit only for posting
to this newsgroup:

microsoft.public.mom.security

Really, so, according to you, 9X users no longer receive email,,,
yeah, you continually show how *dim a bulb* you really are...

Win 9x users also drive cars. Does that mean I should post auto recall
notices here too?

You are the dim bulb.

There are newsgroups (yes, even microsoft newsgroups) that pertain to
security. Why would it not be more appropriate to post those CERT
warnings there?

You should post them there, and then advocate that win-9x users also
read those security groups. Why don't you do that?

Why do you care only about win-9x users? Don't you want XP users to
also know about those CERT warnings? Why don't you also post them to
the XP-related groups?

98 Guy wrote:
MEB wrote:

The truth is that your security warnings are fit only for posting
to this newsgroup:

microsoft.public.mom.security
Really, so, according to you, 9X users no longer receive email,,,
yeah, you continually show how *dim a bulb* you really are...

Win 9x users also drive cars. Does that mean I should post auto recall
notices here too?

You are the dim bulb.

There are newsgroups (yes, even microsoft newsgroups) that pertain to
security. Why would it not be more appropriate to post those CERT
warnings there?

You should post them there, and then advocate that win-9x users also
read those security groups. Why don't you do that?

Why do you care only about win-9x users? Don't you want XP users to
also know about those CERT warnings? Why don't you also post them to
the XP-related groups?

I owe no users of XP, VISTA, or other Microsoft products, any form of
help or otherwise, I have never suggested or advised of their usage.
I need post no where else, it is a matter of my personal choice.

Still trying to tell us what we can post and where huh,,, do you think
ANYONE ANYWHERE cares what you think or want... here you are, ONCE
AGAIN, posting drivel into an advisement of value to 9X users....

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

98 Guy wrote:
MEB wrote:

The truth is that your security warnings are fit only for posting
to this newsgroup:

microsoft.public.mom.security
Really, so, according to you, 9X users no longer receive email,,,
yeah, you continually show how *dim a bulb* you really are...

Win 9x users also drive cars. Does that mean I should post auto recall
notices here too?

You are the dim bulb.

There are newsgroups (yes, even microsoft newsgroups) that pertain to
security. Why would it not be more appropriate to post those CERT
warnings there?

You should post them there, and then advocate that win-9x users also
read those security groups. Why don't you do that?

Why do you care only about win-9x users? Don't you want XP users to
also know about those CERT warnings? Why don't you also post them to
the XP-related groups?

I owe no users of XP, VISTA, or other Microsoft products, any form of
help or otherwise, I have never suggested or advised of their usage.
I need post no where else, it is a matter of my personal choice.

Still trying to tell us what we can post and where huh,,, do you think
ANYONE ANYWHERE cares what you think or want... here you are, ONCE
AGAIN, posting drivel into an advisement of value to 9X users....

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

MEB wrote:

Why do you care only about win-9x users? Don't you want XP
users to also know about those CERT warnings? Why don't you
also post them to the XP-related groups?

I owe no users of XP, VISTA, or other Microsoft products,
any form of help or otherwise,

I never implied that you *owed* help to anyone.

But nonetheless you do post material here that passes as your version of
help.

If these cert warnings are not a form of help - then what are they?

I have never suggested or advised of their usage.

Suggestions of their usage was, again, never indicated by my questions.

When I asked you why you post these cert warnings here, to a win-98
group, and not to a security-focused group or even an XP-focused group,
your response that you don't "suggest or advise of their usage" (XP,
vista, etc) was immaterial to my question.

I need post no where else, it is a matter of my personal choice.

Why do you need post at all?

And why post these cert warnings in a manner that violates established
protocal? A protocal was created by establishing a set of microsoft
discussion groups, each for the purpose of discussing specific topics.
Your posts of these cert warnings does not meet the criteria for a
windows-98-centric post.

And still you haven't answered the question - why do you single out a
windows-98 group for these posts? If your intentions are genuine, then
the largest audience for them is either one (or several)
security-related groups, or one (or more) XP-related groups.

Still trying to tell us what we can post and where huh

I'm asking you to explain your logic why you post those cert warnings
here.

I provided a logical argument why they should be posted to other
groups. Your retort was that it's your personal choice - which
indicates that you can't defend your reasons in any rational, logical
way.

do you think ANYONE ANYWHERE cares what you think or want...

Ah, so we're back to this again.

You never did respond to my observation that it must be important to you
if or how other people care about you.

here you are, ONCE AGAIN, posting drivel into an
advisement of value to 9X users....

Does it upset you that I am devaluing your material?

Is it important to you that others respect you and see your posts as
valuable?