Budweiser Frogs! Penpal Greetings! Give your cat a colonic! You
may have received warnings about these "viruses"; if you did, you
have been the victim of a virus hoax.
The Sophos helpdesk receives more calls about virus hoaxes than
any individual real virus. Virus hoaxes are false reports about
non-existent viruses, often claiming to do impossible things.
Unfortunately some recipients occasionally believe a hoax to be a
true virus warning and may take drastic action (such as shutting
down their network).
Typically, hoaxes are emails which describe a dangerous new
undetectable virus, usually using bogus technical terms. Hoaxes
often ask you to avoid reading or downloading emails that have a
particular subject line. Examples include Budweiser Frogs,
It Takes Guts to Say
Jesus, and Join
For instance, the Good Times hoax claims to
put your computer's CPU in "an nth-complexity infinite binary loop
which can severely damage the processor". The hoax warns you not to
read or download anything with the subject "Good Times" because the
message is a virus. It then urges you to forward the warning to as
many people as possible.
Although no official research has been done on the subject, it
is estimated that hoaxes can cost you even more than a genuine
virus incident. After all, no anti-virus will detect hoaxes because
they aren't viruses. Some companies panic when they receive a hoax
virus warning and assume the worst - making the situation much
The amount of email that a typical hoax can generate is also a
cost to organisations. Once a few people in your company have
received a warning and mailed it to all their friends and
colleagues, a mail overload can easily result.
Your company may like to consider circulating a policy on virus
hoaxes to your staff, in an attempt to reduce the costs
Here is an example policy you could use:
"You shall not forward any virus warnings of any kind to
*anyone* other than <insert name of the department or staff
member who looks after anti-virus issues>. It doesn't matter if
the virus warnings have come from an anti-virus vendor or been
confirmed by any large computer company or your best friend. *All*
virus warnings should be sent to <insert name>, and
<insert name> alone. It is <insert name>'s job to send
round all virus warnings, and a virus warning which comes from any
other source should be ignored."
Sophos provides a number of resources which can help you reduce
the costs associated with virus hoaxes.
Sophos offers a free hoax info
feed which allows you to display "always-fresh" information on
your website or intranet about the most prevalent hoaxes. By using
the feed from Sophos you can ensure your website carries useful,
up-to-the-minute data on the "hottest" hoaxes with very little
Sophos also recommends you visit the section of our website
devoted to debunking virus hoaxes: Sophos describes hoaxes and scares.