What is a hoax virus



Virus hoaxes are fraudulent notifications about viruses. People generally receive them in their email inbox, through a company’s internal network, or even over social media.

They are a lot like the chain letters you get from your aunt, telling you that you will have five years of bad luck unless you forward the message to all of your contacts. Just like the letters from your aunt, nothing happens if you ignore them.

Virus hoaxes are generally harmless. Most of them simply annoy their recipients, or waste the time of those who send them onward. The motives behind these hoaxes vary, but they generally seem to be sent for the amusement of the author, to see just how gullible people are and how far they can make the message spread.

Some virus hoaxes are a little more sinister. Instead of just frightening the recipient and urging them to forward the message, they may also encourage them to take some action that will damage or compromise the security of their computer to get rid of the “virus”.

These include commands to delete System32, jdbgmgr.exe or SULFNBK.EXE. Each of these commands can have negative effects. Deleting the System32 folder, for example, can only be fixed by reinstalling Windows. While these virus hoaxes still don’t involve any malware, they can end up causing problems that are just as significant.

How to identify whether you received a virus hoax or a real virus

Virus hoaxes tend to share a similar style, including outrageous, exceptional or even impossible claims. They might tell you that your computer will explode, your hard drive will be erased, or that all of your accounts have been taken over.

Often, they include details that don’t make any sense from a technological perspective, but they tend to take advantage of internet users who aren’t particularly tech savvy. They are usually accompanied by appeals to urgency, to “act now or the problem will get much worse”. Instilling a sense of urgency gets users to act quickly and forward the email before they get a chance to think or be skeptical about the claims.

There can also be an element of feigned authority to add to the pressure that a recipient feels. The message may claim that Microsoft or McAfee has issued a warning about the virus, or that it was originally published by a reputable news source like the New York Times. These techniques help to throw weight behind the claims made in the message.

As an example, the Olympic Torch Virus Hoax included the following lines:

This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

One of the main features of virus hoaxes is that they will ask you to send the message onward to your contacts. Hoaxes may demand that you forward them, tell you that it is the only way you can fix the problem, or appeal to your decency and urge you to do it to protect your friends and colleagues. Using such forceful language helps to spread these virus hoaxes much further.
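
The traits described above (forwarding demands, urgency, name-dropped authorities, catastrophic claims and, in the harmful variants, instructions to delete system files) can be turned into a first-pass triage check for a mailbox that collects reported warnings. This is an added example, not part of the original article; the patterns, verdict names and the two constructed sample messages are assumptions, and the Olympic Torch text is the excerpt quoted above.

```python
import re
from dataclasses import dataclass, field

# Assumed, illustrative patterns for the traits the article lists.
# They are not a vendor rule set; tune them on your own reported mail.
INDICATORS = {
    "forward_request": [
        r"\bforward (this|it)\b",
        r"\bpass this along\b",
        r"\b(send|share|distribute) (this|it)( message)? (to|with) (all|everyone)\b",
        r"\beveryone in your address book\b",
    ],
    "urgency": [
        r"\bact now\b", r"\bright away\b", r"\bimmediately\b",
        r"\basap\b", r"\btoo late\b", r"\bunder any circumstances\b",
    ],
    "feigned_authority": [
        r"\b(announced|classified|discovered|confirmed|issued) by "
        r"(cnn|microsoft|mcafee|symantec|ibm|aol)\b",
        r"\b(cnn|microsoft|mcafee|symantec|ibm|aol) (has|have) "
        r"(said|announced|issued|confirmed)\b",
    ],
    "catastrophic_claim": [
        r"\b(erase|destroy|wipe)s?( out)? (your|the|all)( whole| entire)? "
        r"[^.]{0,30}(hard (drive|dis[ck])|files|sector)",
        r"\bno (repair|remedy|cure|vaccine)\b",
        r"\bmost destructive\b", r"\bworst virus\b",
    ],
    # The dangerous variant: the message tells the reader to delete a file
    # or folder the article names (System32, jdbgmgr.exe, SULFNBK.EXE).
    "self_damage_instruction": [
        r"\b(delete|remove|erase)\b[^.]{0,60}"
        r"\b(system32|jdbgmgr\.exe|sulfnbk\.exe)\b",
    ],
}
COMPILED = {name: [re.compile(p) for p in pats]
            for name, pats in INDICATORS.items()}

@dataclass
class Triage:
    verdict: str
    evidence: dict = field(default_factory=dict)  # indicator -> matched phrases

def normalize(message: str) -> str:
    """Strip '>' quoting left by forward chains, lowercase, collapse whitespace."""
    lines = [re.sub(r"^\s*(>\s*)+", "", ln) for ln in message.splitlines()]
    return re.sub(r"\s+", " ", " ".join(lines)).strip().lower()

def triage(message: str) -> Triage:
    """Report which hoax traits fire and a coarse verdict for the IT queue."""
    text = normalize(message)
    evidence = {}
    for name, patterns in COMPILED.items():
        hits = [m.group(0) for p in patterns for m in p.finditer(text)]
        if hits:
            evidence[name] = hits
    if "self_damage_instruction" in evidence:
        verdict = "harmful_instruction"   # warn users before anyone acts on it
    elif len(evidence) >= 2:
        verdict = "likely_hoax"
    elif evidence:
        verdict = "inconclusive"
    else:
        verdict = "no_hoax_traits"
    return Triage(verdict, evidence)

# Excerpt of the Olympic Torch hoax as quoted in the article above.
OLYMPIC_TORCH = (
    "This is the worst virus announced by CNN, it has been classified by "
    "Microsoft as the most destructive virus ever. This virus was discovered "
    "by McAfee yesterday, and there is no repair yet for this kind of virus."
)
# Constructed samples (not real messages): a forwarded chain and a benign notice.
FORWARDED_DELETE = (
    "> > The virus is not detected by any scanner.\n"
    "> > Delete the file jdbgmgr.exe right away, then forward this\n"
    "> > to everyone in your address book."
)
BENIGN_NOTICE = (
    "Reminder from the IT department: security updates will be installed "
    "on Thursday evening. Please save your work before 18:00."
)

if __name__ == "__main__":
    for label, msg in [("olympic torch", OLYMPIC_TORCH),
                       ("forwarded delete", FORWARDED_DELETE),
                       ("benign notice", BENIGN_NOTICE)]:
        result = triage(msg)
        print(f"{label}: {result.verdict} {sorted(result.evidence)}")
```

A verdict of "no_hoax_traits" only means none of these patterns matched; the message still needs the repository and keyword checks the article describes.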

Famous virus hoaxes

There have been thousands of virus hoaxes that try to manipulate their recipients into forwarding the message. They seem to have become popular in the nineties, and have carried on ever since. Although they were originally restricted to email and internal company systems, new technology has seen them appear on social media and other sources.

Some of the more famous virus hoaxes include:

As mentioned above, the System32 hoax can cause significant damage to your PC. Over the years, it has circulated through a number of different channels, but the common thread is that they will all urge you to delete System32. This is a critical folder in Windows. Once you have deleted it, the only solution is to reinstall Windows. Anything that hasn’t been backed up will be lost.

This is another harmful hoax. It was first seen in the early 2000s and tried to make its recipients delete the jdbgmgr.exe file in Windows. The file contains the Debugger Registrar for Java. This only affects Java developers who relied on Microsoft Visual J++ v1.1, since the file does not impact other programs.

This hoax originally spread in 2017 in Spanish, but has since made its way into the English speaking world. The Martinelli message claims that WhatsApp will be releasing a video called Martinelli on the following day. If users open the video, it will “hack their phone and nothing will fix it.” Of course, the video isn’t real, and it’s just another message that spread with the power of people’s fears.

In 2018, a significant number of Facebook users fell for a similar hoax. It was spread through private messages over the platform. Recipients would receive a message from a contact who claimed that they had received “…another friend request from you, which I ignored, so you may want to check your account.”

It went on to instruct the recipient to forward the message to all of their contacts. It seems to have played on people’s fears that their Facebook accounts had been “cloned”, which is an attack where hackers copy someone’s details and use them to create a new account. They then add all of the target’s friends on this new account, which appears to be the same.

Cloning is generally used for phishing or to spread malware, because people are far more likely to divulge information to someone that they think is their friend, rather than a random person on the internet. While this is a real threat, 2018’s hoax had nothing to do with it. It was simply a message that went viral, scaring people into forwarding it to their friends.

Technically, this Facebook message wasn’t a virus hoax, because it doesn’t contain any mention of a virus. Despite this, it’s still similar in a lot of ways. These include how the message was worded, and the fact that it spread through fear of online attacks, even though nothing had actually taken place.

How to tell if it’s a real virus or a virus hoax

If you receive a message about a virus and you aren’t sure whether or not it’s a hoax, you can look for a few clues. As we noted earlier, virus hoaxes tend to make pretty bold claims that might not have any basis in reality, and they tend to urge you to act as soon as possible to send the message onward.

If the message ticks these boxes, your suspicions might be correct. To confirm whether or not it is a hoax, you should visit one of the online hoax repositories. McAfee, Symantec, Sophos and others have comprehensive lists of virus hoaxes that you can search through.

You can look through their collections for something that matches the subject line or key details of the message you received. If it fails to show up, try Googling the key terms to see if you can find anything. Unless you are patient zero, information should come up which tells you if it is a real virus, or just a hoax.

If the virus hoax makes any claims from a big tech company or a reputable news source, these will be easy to verify. If the message says that it’s “the worst attack Symantec has ever seen”, or that CNN broke the story, you will be able to find out whether it is legitimate by searching for the keywords alongside the company’s name.

What should you do if you receive a virus hoax?

If you receive a potential virus hoax, be calm and don’t make any rash decisions. Don’t immediately send it on out of fear, or because you think it’s better to be safe than sorry. It’s important to be cautious in your approach, but taking a couple more minutes to collect information won’t make the situation worse.

The first step is to determine whether or not it is a hoax. If you receive the message at work, just refer it to the IT department and let them take care of it. If not, look for those telltale signs that we mentioned earlier, and browse through the hoax repositories that we linked above.

If it turns out to be a virus, seek out information from reputable websites on how to deal with it. If that’s out of your reach, your best option will be to call in an IT specialist. If the message turns out to be a hoax, then life is easy. All you have to do is forget about it. You can delete it if you want, but it doesn’t really matter.

The most important thing is that you do not spread the false information further by forwarding the message. Sending the message onward will only scare the recipients who can’t tell that it’s a hoax, and annoy everyone else.

It’s best to also advise whoever sent the message that it was a hoax. This can help to stop it from spreading further. It may be best to link information from one of the repositories mentioned above, because some people may need some evidence to convince them.

What can companies do to prevent virus hoaxes from spreading among their employees?

At an organizational level, the best solution is to put a strict policy in place. It should specify that if employees ever receive notifications about a virus, they should send it to the IT department, whether the notification seems to be fraudulent or not.

The policy should prevent them from forwarding the messages to their colleagues, specifying that once they have sent the message through, it is the IT department’s responsibility to address the situation.

This type of policy takes the decision out of the hands of employees, who often don’t have the technological knowledge to determine the veracity of these threats for themselves. If the message turns out to be about a real virus, the IT department can take the appropriate actions, which may or may not include notifying the rest of the workforce.

If the message turns out to be a hoax, then this policy should put a stop to its spread within the company. If anyone who receives it only sends it on to the IT department, it will prevent the virus hoax from becoming a workplace contagion.

While most virus hoaxes aren’t dangerous, they do take up people’s time and can cause them to act irrationally. You can help put a stop to them by being informed, taking the time to check them out and making sure that you don’t forward these hoaxes to your contacts.

Interspersed among the junk mail and spam that fills our Internet e-mail boxes are dire warnings about devastating new viruses, Trojans that eat the heart out of your system, and malicious software that can steal the computer right off your desk. Added to that are messages about free money, children in trouble, and other items designed to grab you and get you to forward the message to everyone you know. Mostly all of these messages are hoaxes or chain letters.

While hoaxes do not automatically infect systems like a virus or Trojan, they are still time consuming and costly to remove from all the systems where they exist. We find that we spend much more time de-bunking hoaxes than handling real virus and Trojan incidents. This page describes some of the warnings, offers, and pleas for help that are filling our mailboxes, clogging our mailservers, and that generally do not have any basis in fact.

This hoax was to privately share joke virus warnings that parody the outlandish claims made by the hoaxes. Among these was the Honor System Virus, which took the form of a request for users to manually erase their hard drives. The Sulfnbk hoax used this idea, attempting to entice victims to erase a nonessential file from the Windows directory.

Here's part of that message: "A VIRUS could be in your computer files now, dormant but will become active on June 1. Try not to USE your Computer on June 1st. FOLLOW DIRECTIONS BELOW TO CHECK IF YOU HAVE IT AND TO REMOVE IT NOW. No Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru e-mail and migrates to the 'C:\windows\command' folder. To find it and get rid of it off of your computer, do the following." At this point, the e-mail provides instructions for deleting the file. You'll notice that this hoax message names a specific date. Adding to the confusion was the fact that the file indicated, Sulfnbk.exe, could become infected with other viruses and therefore appear infected to a virus scan.

The recent Jdbgmgr.exe virus hoax proved much more perilous than the Sulfnbk hoax; it instructs users to delete a useful Windows system file. The hoax describes an infection process similar to that of several real viruses—attacking Outlook and e-mailing itself to the contact list, for example.

Read this excerpt from the original message (note the misspellings): "I got this message about a virus that can produce lot of dammage to your computer. If you follow the instructions, which are very easy, you would be able to "clean" your computer. Apparently the virus spreads through the adresses book. I got it, then may be I passed it to you too, sorry. The name of the virus is Jdbgmgr.exe and is transmitted automatically through the Messanger and addresses book of the OUTLOOK. The virus is neither detected by Norton nor by Mc Afee. It remains in lethargy ("sleeping") for 14 days and even more, before it destroys the whole system. It can be eliminated during this period."

The rest of the message contains instructions for locating and deleting the Jdbgmgr.exe file. The file in question is the Java Debug Manager program, part of the Microsoft Java run-time engine. Although deleting the file will not cause Windows to fail, it can interfere with the proper function of Java applets.

Some genuine viruses—most notoriously, the ILoveYou, Melissa, and Anna Kournikova viruses—infect systems when a user clicks on an attachment. After the widespread media coverage of those viruses, users became skeptical of the notion of getting a virus merely by reading an e-mail. So hoaxes began appearing warning of viruses that come in e-mail attachments. One well-known case is the warning about a Budweiser Frog screen saver.

Read the following excerpt from this hoax message: "Someone is sending out a very cute screensaver of the Budweiser frogs. If you download it, you will lose everything! Your hard drive will crash and someone from the Internet will get your screen name and password! DO NOT DOWNLOAD IT UNDER ANY CIRCUMSTANCES! It just went into circulation yesterday. Please distribute this message. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from Microsoft. Please share it with everyone that might access the Internet. Once again, Pass This Along To EVERYONE in your address book so that this may be stopped. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time."

This e-mail message also cites an authority—Microsoft, this time—but doesn't include a link to information about it, or quotes from anyone at Microsoft. Note the claim that the virus went into circulation “yesterday”—a real warning would cite a specific date, not some ambiguous day.

This hoax message cites an announcement from IBM but doesn’t provide a direct quote. The warning about the common delivery failure e-mail title is also a nice touch. Check out these passages from the hoax message warning about the It Takes Guts To Say Jesus virus: "This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from IBM; please share it with everyone that might access the Internet. Once again, pass this along to EVERYONE in your address book so that this may be stopped. Also, do not open or even look at any mail that says "RETURNED OR UNABLE TO DELIVER." This virus will attach itself to your computer components and render them useless. Immediately delete any mail items that say this. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time. Please practice cautionary measures and forward this to all your online friends ASAP."

Although this message has been pretty well debunked, it still turns up from time to time, and variations on the theme are common.

This message hoax is a more recent variation that uses a provocative title. And just as real viruses change their tactics, so do bogus virus warnings. In a way, the change in hoax message tactics is encouraging; it implies a rising level of awareness among the potential audience. This particular message includes a line indicating the author would rather be inundated with 25 false warnings than fail to receive a real one.

And of course, this example has an attention-grabbing headline about the World Trade Center: "(FOR THOSE THAT DONT KNOW, "WTC" STANDS FOR THE WORLD TRADE CENTER. WHICH MAKES THIS VIRUS REALLY DANGEROUS BECAUSE PEOPLE WILL OPEN IT RIGHT AWAY. THINKING IT'S A STORY RELATING TO 9/11. PLEASE BE CAREFUL… :) BIGGGG TROUBLE. DO NOT OPEN "WTC Survivor" It is a virus that will erase your whole "C" drive. It will come to you in the form of an e-mail from a familiar person. I repeat a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not at all. If you receive an e-mail called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. This is a serious one!"

Although virus hoaxes may not have originated with the Good Times warning, it was one of the first to attract a lot of attention. It circulated throughout America Online but also appeared outside that system. It was typical of early virus hoaxes in that it warned that simply reading an e-mail purported to carry the virus could erase data.

Here is a passage from that original message: "There is a virus on America Online being sent by e-Mail. If you get anything called "Good Times," DON'T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot." Of course, savvy users realized that a plain text e-mail couldn't carry an active virus. However, to inexperienced users, the warning of something malicious appearing on their computers gave shape to unspoken fears of their computer’s mysterious workings.

Similar to the Budweiser Frogs hoax is this phony warning that would make users leery of popular virtual greeting cards: "A new virus has just been discovered that has been classified by Microsoft as the most destructive ever! This virus was discovered yesterday afternoon by McAfee and no vaccine has yet been developed. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning is stored. This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title "A Card for You." As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN. This alert was received by an employee of Microsoft itself. So don't open any mails with subject: "A Virtual Card for You." As soon as you get the mail, delete it. Even if you know the sender." This warning combines citations from several authorities with ominous technobabble about destroying Sector Zero.

Notice that the warning anticipates the trend of viruses mailing themselves to a user’s contact list. Since one would expect most virtual cards to arrive from friends, the message warns about cards sent from someone the reader knows. Taken apart from the hoax, this is actually good advice, as many of the recent viruses raid the target computer’s address book and therefore often appear to be sent by someone the victim knows. It's important to tell your users that e-mail with unexpected attachments should always be regarded with discretion, even when the sender is trusted.

What the Hoax verdict means and why this kind of software is becoming a growing problem.

Astrologers have declared the year of Hoax: the number of detections has doubled

The reason for writing this post was an increase in the number of detections with the Hoax verdict by our products. The number of users who encountered such software doubled over the year. In short, more and more users are at risk, so we believe this problem deserves special attention. Let's start with a brief background.

Many users complain that their computer has started booting more slowly, lagging when applications are launched, or even freezing completely with errors. Sooner or later probably everyone runs into this problem. It arises because, as the computer is used, it fills up with all kinds of data, and this affects how fast it runs.

Demand creates supply, and programs for speeding up and cleaning computers began to appear in large numbers. The rapid growth in such software began in the late 2000s and continues to this day.

As a rule, computer cleaning programs look for unused files and registry keys, temporary files, programs in autorun and so on, and then report this digital junk to the user. The user can then decide to run the cleanup and delete everything unnecessary, which really does optimize some operations when working with the system.

Unfortunately, not all software for cleaning and speeding up a computer is equally useful. Alongside honest developers who create programs that genuinely help users, scammers are also active in this category.

What is Hoax

Some programs for cleaning and speeding up a computer force the user to pay in order to rid the computer of threats they have supposedly detected. Two features matter here that distinguish fraudulent programs from honest ones:

  • First, such programs deliberately mislead the user, greatly exaggerating the effect of existing problems or reporting errors that do not exist at all.
  • Second, they force the user to buy them rather than offer themselves for purchase, declaring that the problem cannot be solved without payment.

  • HEUR:Hoax.Win32.Uniblue.gen
  • Hoax.Win32.PCFixer.gen
  • Hoax.Win32.DeceptPCClean.*
  • Hoax.Win32.PCRepair.*
  • HEUR:Hoax.Win32.PCRepair.gen
  • HEUR:Hoax.MSIL.Optimizer.gen
  • Hoax.Win32.SpeedUpMyPC.gen

After installation, Hoax programs start scanning the computer. They may check all the same things that legitimate cleaners check. After the scan, the misleading programs display windows with information about the problems they have found.

And this is where the main problem with such software shows itself. The user is shown intimidating messages about a huge number of errors or faults found in the system. Here is an example of a cleaner that greatly exaggerates the severity of possible problems with registry keys:

Example of a cleaner exaggerating the significance of possible problems with registry keys

When the user tries to close the program, yet another intimidating window appears

Hoax programs are also very fond of registering themselves in autorun and bombarding the user with pop-up notifications saying that something is wrong with the computer.

Pop-up notification from a Hoax program

Hoax programs exist not only for Windows. Here is an example for macOS: the situation is deemed critical when the logs and cache are only slightly filled.

Example of Hoax on macOS

To repair, fix or eliminate the shortcomings, the user has to subscribe or buy the full version of the software. After the full version is paid for, many programs really will clean the computer, but the value of their services will be greatly overstated, as mentioned above. Some Hoax programs may not clean the computer at all. So at best the user overpays, and at worst throws money away.

Some developers of fraudulent cleaners go even further in their greed and install additional programs on the victim's computer along with their own creation. As a rule this is adware, but in some cases even Trojans turn up.

For example, a user who gets involved with Hoax may run into a partial lock of the computer. The program shown below expands to full screen, covers the toolbar, and also blocks switching between programs with Alt+Tab and returning to windowed mode with the F11 key.

Computer lock screen with an option to set up a remote connection

After that, the user is asked to enter an unlock code (which they naturally do not have), or to open remote access to the computer through TeamViewer, AnyDesk and other programs whose icons are thoughtfully placed on the right side of the window.

When the computer starts slowing down really badly, many users go online in search of a solution and may carelessly end up with Hoax.

But there is another distribution method. Hoax can be picked up through advertising or through fraudulent web pages. For example, when a user has been infected with adware, it may look like this:

Example of an adware infection that offers to speed up the computer

Fraudulent pages offering computer cleaning or speed-up services can also be encountered while visiting phishing websites. For example, this page displays a message that spyware has been detected on the computer.

Example of a web page posing as a Microsoft site and scaring the user with viruses

Usually the next step offered is either to call technical support (where money will be extorted verbally) or to download Hoax. Naturally, such pages must not be trusted; they should simply be closed.

In addition, a new way of distributing Hoax has recently begun to gain popularity: browser pop-up notifications, which many people subscribe to without thinking. Subscriptions to browser push notifications are now very popular, including among scammers, and cause users quite a lot of trouble.

Far from everyone understands how these subscriptions work, where they come from and how to turn them off. Sometimes users are not even aware that it is the browser that shows these notifications, and that they originate from websites whose creators may have far from good intentions.

Browser notifications redirecting to a Hoax download

After clicking such notifications, users land on fraudulent pages disguised as antivirus programs. Here is an example of a fraudulent web page imitating the Windows Defender interface:

Fraudulent page imitating the Windows Defender interface

Once the user has been thoroughly frightened by a huge number of problems with the computer, they are redirected to the download page of a Hoax program.

Hoax download page

As mentioned at the beginning of the post, according to our statistics, rapid growth in activity on the market for fraudulent computer optimization software began at the end of 2018 and continues to this day. The number of users encountering Hoax has doubled compared with the beginning of last year, and the number of complaints has grown.

According to our data, the most popular target among the creators and distributors of Hoax is Japan. One in eight users in that country has encountered Hoax in recent years. Japan is followed by Germany and, surprisingly, Belarus. Italy and Brazil round out the top five countries most affected by Hoax.

In response to these measures, some Hoax distributors are abandoning the scare-based distribution model. They are starting to give users more information about what the program does, overstate the severity of the problems found less, and offer a free trial version. Nevertheless, the fight is not over yet.

Why do we consider it important to warn users about programs in the Hoax category? There are several reasons:

  • As already mentioned, the creators of such software deliberately mislead the user, exaggerating the danger of the problems found on the computer or reporting faults that do not exist at all.
  • As a result, this kind of disservice can cost the user an unjustifiably large amount.
  • Some Hoax programs do not solve real problems at all and only create the illusion of fixing errors.
  • Finally, in a number of cases the creators of Hoax also try to earn extra money by bundling adware or even outright malware with their programs.

How to protect yourself from Hoax

You can protect yourself from possible deception by following these recommendations:

  • Ignore intimidating warnings about viruses or errors on your computer that are shown by websites. Do not click on such warnings, and certainly do not download or install what is being pushed on you.
  • Cleaning a computer can indeed be useful, but you should not install the first program you come across for this purpose. Spend a little time on it and read the recommendations of respected computer publications.
  • To be sure of not running into Hoax, install a reliable antivirus that will warn you about fraudulent programs.
