MPEG virus

Around October 1998, an email began to circulate claiming that a new virus called 'Bloat' had been discovered. The email describes it as the "first successful multi-application media-file virus", which targets Layer 3 audio compatible players called MP3 players. It claims the player software becomes infected by opening an infected file, and subsequently infects all MP3 or EXE files written-to by the player software.

The hoax virus gets its name from its alleged side-effect, which is to increase the size of infected files by a factor of up to five.

No such virus currently exists. Although much technical information is presented in the email to give the hoax credibility, the actual infection mechanisms are not described in a satisfactory manner.

A number of other factors indicate the email is a hoax. For example, the email claims that the virus was discovered by a company called Internet Western Associates, which cannot be traced. It also claims that McAfee Labs is "the anti-virus research affiliate of IWA" which is clearly not correct.

Many virus hoaxes:

• falsely claim to describe an extremely dangerous virus
• use pseudo-technical language to make impressive-sounding (but impossible) claims
• falsely claim that the report was issued or confirmed by a well-known company
• ask you to forward it to all your friends and colleagues

As usual, you are urged not to pass on warnings of this kind, as the continued re-forwarding of these hoaxes simply wastes time and email bandwidth.

It is possible that you may receive a hoax via email with a file attached. Obviously, such file attachments should be treated with caution as they may be virus infected. Sophos recommends deleting virus hoax emails, whether they contain file attachments or not.

Sophos suggests a policy to help prevent hoaxes from spreading in your company.