Virus hoax chart makes grim reading

Computer users are still fooled by false virus alerts persuading them to delete harmless - but sometimes vital - files, and then forward the hoaxes to their friends

Fuelled by concern over genuine threats such as Klez, Bugbear and Magistr, computer users are continuing to fall for false warnings of non-existent viruses.

Anti-virus firm Sophos released details of its latest top ten virus hoaxes on Thursday. These hoaxes typically warn the reader not to open an email with a certain subject line, or to immediately delete a particular file on their hard drive, because they contain a virus. They will also tell the reader to forward the warning to their friends and colleagues.

Topping the pile in December 2002, for the eighth successive month, was an email that urged users to delete a legitimate file called JDBGMGR.EXE from their machine. The original version of this hoax claims that this file is a virus spread by MSN Messenger, while a later version claims that deleting it will remove the Bugbear-A worm from a system.

Both claims are false, and antivirus experts believe the connection with Bugbear came about because the icon of JDBGMGR.EXE is a small grey teddy bear.

The JDBGMGR.EXE email made up 13.7 percent of all hoaxes reported to Sophos in December last year.

Most of the other popular hoaxes were false warnings about certain emails or programs, which they claimed were actually viruses.

These included a claim that a screensaver based on the Budweiser Frogs was actually a dangerous virus, and another alleging that an email with the subject line "A virtual card for your" contained a virus that would "permanently destroy a hard disk" when opened.

Another similar email claimed that a bowling game in which elves were used in place of skittles contained a virus that would strike on Christmas Day.

Even though such hoaxes didn't encourage the reader to delete files from their machine, they are harmful because -- by urging that they should be distributed to as many people as possible -- they wastes both time and bandwidth.

Even though all the major antivirus companies include information on such hoaxes on their Web sites, users continue to fall for them.

At six on the Sophos list is an email that claimed Microsoft was conducting an audit of Hotmail users and that anyone who failed to forward the email on to other Hotmail accounts would see their own account deactivated, as Microsoft would conclude that it was no longer in use. This email was identified as being deceptive as far back as Summer 2001, but it appears many users still haven't got the message about this hoax, or indeed many others.

"The JDBGMGR hoax has been at the top of the myth list for eight months and shows no signs of subsiding," said Graham Cluley, senior technology consultant at Sophos Anti-Virus in a statement. "The seasonal Elf Bowling hoax about a joke program which shows Santa Claus playing ten pin bowling with elves made a reappearance after a full year away," Cluley added.

More details about virus hoaxes can be found here.


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.