AOL users hit by bizarre hoax

A new hoax is making the rounds of AOL users, posing -- confusingly enough -- as a hoax warning.

The message, which seems to be sent by a concerned AOL user, describes a fake "America Online Year 2000 Update" called Y2KFIX.EXE. The fake message allegedly fools users into giving up information on their accounts and credit cards. But no such fake update exists.

"There is currently no virus that has the characteristics ascribed to Y2KFIX.EXE," wrote Motoaki Yamamura of Symantec, in a briefing on Symantec's AntiVirus Research Centre. "It is a sham, meant only to panic new or inexperienced computer users."

Hoaxes thrive on the Internet, since it is easy to pass along authentic-seeming messages without eliciting closer examination. As outlined on the Department of Energy's "Internet Hoaxes" page, previous Internet frauds have involved everything from Blue Mountain Cards' greeting cards to a supposed tax on e-mail.

The Y2KFIX prank is especially perplexing because there are, in fact, many schemes designed to trick people into revealing their AOL passwords or other personal information.

"It sounds absolutely plausible," said AOL spokesman Rich D'Amato.

The "AOL Year 2000 Update" hoax e-mail even includes a copy of the scam message it is supposedly warning against. This begins, "Hello, I am Richard Brunner of the AOL TECH Team and we have recently finished work on this project which is the AOL Year 2000 Update."

This message is said to include an attachment called Y2KFIX.EXE, which, when executed, causes a fake AOL billing window to pop up, asking users for their names and credit card numbers, among other information. "It looks very legit. It says your billing cycle was up and they need more info," the hoax e-mail warns.

AOL representatives say users can double-check the reality of scams at the service's "Neighborhood Watch" section. "This is a rumour perpetuating a hoax pretending to be a virus," D'Amato commented. "Plato wouldn't even accept that as poetry."

The same trick e-mail also warms about a "flashing IM," or instant message, that will automatically steal your password unless you "sign off immediately." But AOL said that not only is the "flashing IM" a hoax, it isn't technically possible.

Have you been a victim of a hoax on AOL? Tell the Mailroom -- to be published Friday