Why virus hoaxes are no joke

Email-borne viruses are becoming increasingly complex and damaging, which makes the prospect of virus hoaxes taking up system resources and staff time all the more annoying. But how much of a threat do hoaxes pose? Pia Heikkila reports...
Written by Pia Heikkila, Contributor

The internet allows us to spread information quickly and effortlessly. But the downside of global networks is that unwanted messages travel equally fast too. These unwanted messages include computer viruses, but also their tamer cousins: virus hoaxes. Viruses themselves have received plenty of publicity recently, all the more so if they are named after over-exposed 19-year-old female tennis players. But how many users can tell a hoax warning from a real alert?

Take email. Hoaxes usually arrive in inboxes from a well-meaning colleague or friend, and often carry a bold subject line punctuated with words like 'alert' or 'danger' and quoting a reputable company as a source. The message itself has lost its original sender's name and address and comes with a tail of many forwarding addresses. Most IT professionals recognise a hoax email straight away, but pundits claim end users are often caught out.

Rob Rosenberg, a US hoax expert who runs a website on bogus virus warnings, said the reason hoaxes get forwarded is twofold. "End users are trying to be helpful when they are forwarding these messages and they want to be the first ones to alert everyone," he said. "Email also makes it very easy. All you have to do is just hit the forward button, then choose everyone in your address book, then press send."

Rosenberg said the hoax writers have very different motives. "Just about every type of person writes them. Even a respected business wrote one as a publicity stunt. It is similar to an April Fool's prank which most people see as harmless fun," he said.

Some hoax writers are looking for their 15 minutes of fame, trying to get their bogus messages travelling around global networks. Like a publicity-thirsty celebrity, an author is hoping his/her evangelism will reach as many recipients as possible and take on the notoriety of a real virus. However, experts reckon hoaxes are no laughing matter for IT departments.

A typical hoax can generate large amounts of email which eats up corporate bandwidth and disk space. Once a few people in a company have received a warning and mailed it to all their friends and colleagues, a mail overload can easily result, according to Graham Cluley, senior consultant at anti-virus firm Sophos. There are also costs to a company's credibility if a hoax is forwarded from one of its addresses. "A company's name is often tarnished if it is linked with a hoax email," Cluley added.

Very little official research has been published on the cost of hoaxes, but it is estimated they can cost even more than a genuine virus incident. Alex Shipp, technical director at anti-virus vendor Messagelabs, said the cost of hoaxes is often invisible. "No anti-virus software will detect hoaxes because they aren't viruses. Some companies panic when they receive a hoax virus warning and assume the worst - making the situation much worse," he said. And some hoaxes can remain in circulation for a long time. "Some of these hoaxes have a wider reach than most viruses. Our helpdesk gets asked at least once a week about hoaxes that are over three years old," he added.

Rosenberg has estimated the damage of hoaxes to businesses. He has come up with an average that consists of incremental cost based on the fact that most employees get paid whether or not they work productively for one minute. Employees also cost money when they go to the bathroom, refill their coffee cups, take smoking breaks, or receive personal calls and emails. Hoax virus alerts add to this daily level of unavoidable employee inefficiency. Given an average employee costs $30-$60 per hour (including benefits and taxes), the sum works out to about 50 cents per employee per hoax.

But not all is lost in the battle against bogus alerts. Companies can try to reduce the cost of virus hoaxes through a few simple steps.

Rob Hailstone, analyst at IDC, said end users can be trained to spot virus hoaxes from genuine virus warnings. "Usually hoaxes feature capital letters and urge you to forward the chain letter to everyone you know. They often quote well-known computer companies too," he said.

One way to prevent hoaxes from taking over corporate inboxes is to include a policy on them as a part of corporate security policy. Hailstone suggests companies can propose a total ban on forwarding virus alerts: "IT departments can remind their staff not to forward any virus warnings simply because security companies are not likely to issue a random warning by email."

Email overload is a definite symptom of 21st century working life, and virus hoaxes don't help. But whereas much of the increase in information flow seems inevitable, experts agree something can be done about these bogus alerts. The advice is straightforward. If only PC users weren't such helpful Samaritans, then we'd collectively save a lot of deleting.