hi susie
you're welcome. i'm glad that i posted the info in a timely manner, given that you boss is making himself and you crazy! <g3>
read on for more coverage of the same story....
E-mail virus hoax makes users do the dirty work
By George A. Chidi Jr., IDG News Service\Boston Bureau
May 30, 2001, 14:06
idg.net
In the latest perverse trickery pulled off by someone taking pleasure in computer users' pain, a fake virus warning is circulating by e-mail asking people to delete an innocuous and uninfected executable Microsoft Corp. Windows file and then to pass the warning on to others.
The warning tells users to delete the sulfnbk.exe file, a utility used to restore long file names. The file isn't usually infected, and running a virus check on it will prove fruitless ... which just adds to the hoax's credibility. The message warns people that it's a virus undetectable by antivirus software. Diligent users who search for the file and find it may presume the warning was accurate and delete it.
Standard antivirus screens will not detect the warning e-mail itself, because it too is not a virus. But if users comply with the message, by deleting the file and forwarding the e-mail to others, the effect is similar.
The message begins, "FOLLOW THE INSTRUCTIONS, I HAD IT!!!!!...," according to Avert Labs, the anti-virus response division of anti-virus firm McAfee, which itself is a division of Network Associates Inc. "I received this message from a friend and today it is true. I searched for the file following the next instruction and I found it, I had it without knowing," the warning continues, providing instructions for finding and deleting the file.
"We actually received this one two weeks ago, in Portuguese," said Joe Hartmann, director of North American virus research for Trend Micro Inc. "A couple of days ago we received a version in English with some more text, adding a date to it, June 1."
An earlier, real threat -- the Magistr worm -- infected the sulfnbk.exe file, adding to user confusion. This e-mail hoax is unrelated to the earlier worm, which can be detected and destroyed by updated antivirus software.
Instructions for restoring the deleted file may be found at vil.mcafee.com.
Network Associates can be reached at nai.com. |
