How to Spot Virus Hoaxes a Mile Off

A tech-savvy friend recently forwarded an e-mail message to me, warning of a PC virus that antivirus software couldn't detect. The alert said that his PC had been infected and that the virus had already sent itself to everyone in his address book, including me. The virus would lie dormant for two weeks "before damaging the system."

Yow! My friend's message identified jdbgmgr.exe as the infected file and told me to delete it. Bad idea. The executable file in question is actually built into Windows. If you delete it, then some Web sites that rely on Java won't work properly. My friend had fallen for a recent virus hoax.

It's just one of many virus hoaxes making the rounds these days--and they're not going away. In fact, most new hoaxes are merely older ones that have been modified and put back into circulation. In this way, virtually all hoaxes stick around for years. For details about the latest hoaxes, check out McAfee.com's alerts page or see Symantec's list.

Meanwhile, have you been getting some unusual alerts lately? Here are some tips on how to identify virus hoaxes:

1. Detect the undetectable. Beware of warnings that claim a virus is undetectable. In general, if you keep your antivirus software up-to-date, your system will nab the latest viruses.
2. Study the subject. If the e-mail message's subject line includes words such as "Urgent," "Warning," or even "Virus Alert," it's often a good indication that you're dealing with a hoax. Read the e-mail message with great skepticism, not great urgency.
3. Beware of tech talk. Look out for pseudo-technical discussions on the dangers of the virus. Some hoax messages include pure gobbledygook.
4. Check the sources. To create an aura of credibility, a hoax often quotes a well-known company or agency, such as Microsoft, the Federal Communications Commission, or an antivirus company. Check the Web sites of the sources quoted (or see your antivirus vendor's site). Remember also that Microsoft never posts virus alerts via e-mail.
5. Scrutinize the instructions. Beware of messages that insist you delete a file manually. True, at times you should do so, but in the context of the other tip-offs, this instruction should raise a red flag.
6. Don't spread the word. False alerts always urge you to tell everyone you know. Genuine alerts never do. Ignore the instructions, delete the message, and don't alarm everyone on your mailing list.

Gopher Hole in Internet Explorer

Finnish security firm Oy Online Solutions found another security hole in Internet Explorer, versions 5.01 through 6.0. This one affects an outdated feature called Gopher--a protocol that was used for accessing text pages over the Internet before the advent of the World Wide Web. Hardly anyone uses Gopher these days, but IE still includes the capability. Even if you don't use Gopher, a cracker could entice you to click a Web link or open an HTML e-mail that would allow the intruder to take over your PC. At press time there was no sign of a patch, but Microsoft did post a workaround.

In Brief

Yahoo IM Flaw

Older versions of Yahoo Messenger have several security holes that could allow bad guys to take over your system. The company has posted a new version that takes care of the flaws. Download and install the update, version 5.0.0.1065.

Patch Gets Patched

Microsoft has released an updated version of its MSN Chat control--a part of MSN Messenger--to plug a security hole it didn't fix completely in an earlier update. So it's time to download a new fix--whether you grabbed the previous one or not. Sigh.

Bugged?

Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.

Stuart J. Johnston is a contributing editor for PC World.