30/05/2001 A friend of a friend -- really! -- runs a large mailing list for a professional group. Said FOAF got an email, saying -- as she thought -- that a virus was living on her computer and she should immediately delete a certain file if it was found. She found it, so she did. Then she sent the warning on to the group. Ooops. One of the group -- our mutual friend -- emailed me and said "Is this legit?" Of course, it was the SULFNBK.EXE hoax email. Which has found a weak spot in people's credulity shields, and -- not being a virus -- has sailed through any automated check that may be running. The strange thing is, when you talk to people who believed it you enter a shadowy world where the normal rules of logic don't apply. "You do know that virus hoax emails are common?" "Uh, yeah." "You do know that it couldn't turn into a virus on 1st June if it wasn't a virus already?" "Uh, yeah." "You do know that if you type 'virus hoax' into any search engine you'll find a list in seconds, which includes what you've just got?" "Uh, yeah". "So why..." "Dunno." I guess this is just the lesson that spammers already know -- if you send email to lots of people telling them to jump off a cliff, a small but significant proportion won't even stop to ask which one. Computer security is easy: it's the people security that's a toughie.