[ Home Page ]

virus hoax collection


A virus hoax is a false virus warning that is often spread through e-mail causing confusion and panic. On this page you can find some of the funniest ones.

If you receive a virus warning you should ALWAYS veryify it by checking a antivirus companys homepage or by contacting your MIS / IT department.

Other virus hoaxes that aren't mentioned here are:
PKZIP 300
Irina
Good Times
Deeyenda Maddick
Ghost
Make Money Fast
Naughty Robot
PenPal Greetings
Eyes
Sheep
3b Trojan (alias PKZIP Virus)
Death69
Red Alert
AOL 4 Free (can also be a real virus)
Matra R-440 Crotale
YUKON3U.mp
Join the Crew
Cancer chain letter
Hacker Riot


2400 baud modem virus

One of the first virus hoaxes was the 2400 baud modem virus

SUBJ: Really Nasty Virus
AREA: GENERAL

I've just discovered probably the world's worst computer virus yet. I had just finished a late night session of BBS'ing and file treading when I exited Telix 3 and attempted to run pkxarc to unarc the software I had downloaded. Next thing I knew my hard disk was seeking all over and it was apparently writing random sectors. Thank god for strong coffee and a recent backup. Everything was back to normal, so I called the BBS again and downloaded a file. When I went to use ddir to list the directory, my hard disk was getting trashed again. I tried Procomm Plus TD and also PC Talk 3. Same results every time. Something was up so I hooked up to my test equipment and different modems (I do research and development for a local computer telecommunications company and have an in-house lab at my disposal). After another hour of corrupted hard drives I found what I think is the world's worst computer virus yet. The virus distributes itself on the modem sub- carrier present in all 2400 baud and up modems. The sub-carrier is used for ROM and register debugging purposes only, and otherwise serves no other (sp) purpose. The virus sets a bit pattern in one of the internal modem registers, but it seemed to screw up the other registers on my USR. A modem that has been "infected" with this virus will then transmit the virus to other modems that use a subcarrier (I suppose those who use 300 and 1200 baud modems should be immune). The virus then attaches itself to all binary incoming data and infects the host computer's hard disk. The only way to get rid of this virus is to completely reset all the modem registers by hand, but I haven't found a way to vaccinate a modem against the virus, but there is the possibility of building a subcarrier filter. I am calling on a 1200 baud modem to enter this message, and have advised the sysops of the two other boards (names withheld). I don't know how this virus originated, but I'm sure it is the work of someone in the computer telecommunications field such as myself. Probably the best thing to do now is to stick to 1200 baud until we figure this thing out.

Mike RoChenle


60 Hz

The 2400 baud modem bogus virus description spawned a humorous alert by Robert Morris III :

Date: 11-31-88 (24:60)
To: ALL Refer#: NONE
From: ROBERT MORRIS III
Subj: VIRUS ALERT Status: PUBLIC MESSAGE

Warning: There's a new virus on the loose that's worse than anything I've seen before! It gets in through the power line, riding on the powerline 60 Hz subcarrier. It works by changing the serial port pinouts, and by reversing the direction one's disks spin. Over 300,000 systems have been hit by it here in Murphy, West Dakota alone! And that's just in the last 12 minutes.

It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac, RSX-11, ITS, TRS-80, and VHS systems.

To prevent the spresd of the worm:

1) Don't use the powerline.
2) Don't use batteries either, since there are rumors that this virus has
  invaded most major battery plants and is infecting the positive poles
  of the batteries. (You might try hooking up just the negative pole.)
3) Don't upload or download files.
4) Don't store files on floppy disks or hard disks.
5) Don't read messages. Not even this one!
6) Don't use serial ports, modems, or phone lines.
7) Don't use keyboards, screens, or printers.
8) Don't use switches, CPUs, memories, microprocessors, or mainframes.
9) Don't use electric lights, electric or gas heat or airconditioning,
  running water, writing, fire, clothing or the wheel.

I'm sure if we are all careful to follow these 9 easy steps, this virus can be eradicated, and the precious electronic fluids of our computers can be kept pure.

---RTM III


Good Times Spoof

This is a humorous version of the goodtimes virus.

The latest breaking news on the GOODTIMES virus.

It turns out that this so-called hoax virus is very dangerous after all. Goodtimes will re-write your hard drive. Not only that, it will scramble any disks that are even close to your computer. It will recalibrate your refrigerator's coolness setting so all your ice cream goes melty. It will demagnetize the strips on all your credit cards, screw up the tracking on your television and use subspace field harmonics to scratch any CDs you try to play.

It will give your ex-girlfriend your new phone number. It will mix Kool-aid into your fishtank. It will drink all your beer and leave dirty socks on the coffee table when company comes over. It will put a dead kitten in the back pocket of your good suit pants and hide your car keys when you are late for work.

Goodtimes will make you fall in love with a penguin. It will give you nightmares about circus midgets. It will pour sugar in your gas tank and shave off both your eyebrows while dating your girlfriend behind your back and billing the dinner and hotel room to your Discover card.

It will seduce your grandmother. It does not matter if she is dead, such is the power of Goodtimes, it reaches out beyond the grave to sully those things we hold most dear.

It moves your car randomly around parking lots so you can't find it. It will kick your dog. It will leave libidinous messages on your boss's voice mail in your voice! It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.

Goodtimes will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of Methanphedime in your bathtub and then leave bacon cooking on the stove while it goes out to chase gradeschoolers with your new snowblower.


Free Money

There is a computer virus that is being sent across the Internet. If you receive an e-mail message with the subject line "Free Money," DO NOT read the message. DELETE it immediately, UNPLUG your computer, then BURN IT to ASHES in a government-approved toxic waste disposal INCINERATOR.

Once a computer is infected, it will be TOO LATE. Your computer will begin to emit a vile ODOR. Then it will secrete a foul, milky DISCHARGE. Verily, it shall SCREECH with the tortured, monitor-shattering SCREAM of 1,000 hell-scorched souls, drawing unwanted attention to your cubicle from co-workers and supervisors alike. After violently ripping itself from the wall, your computer will punch through your office window as it STREAKS into the night, HOWLING like a BANSHEE. Once free, it will spend the rest of its days CRUSHING household PETS and MOCKING the POPE.


Independence hoax

This was a joke, which was distributed as an official-looking CERT alert and was based on the movie 'Independence Day'. Here is the original message:

Independence Day - CERT alert
--------------------
From: CERT Bulletin
Newsgroups: comp.security.announce,rec.humor
Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability
Date: 4 July 1996 20:52:15 GMT
Organization: CERT(sm) Coordination Center - +1 412-268-7090
====================
CERT(sm) Advisory CA-96.13
July 4, 1996
Topic: ID4 virus, Alien/OS Vulnerability
--------------------
The CERT Coordination Center has received reports of weaknesses in Alien/OS that can allow species with primitive information sciences technology to initiate denial-of-service attacks against MotherShip(tm) hosts. One report of exploitation of this bug has been received. When attempting takeover of planets inhabited by such races, a trojan horse attack is possible that permits local access to the MotherShip host, enabling the implantation of executable code with full root access to mission-critical security features of the operating system. The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1 or later, and all versions of Microsoft's Windows/95. CERT advises against initiating further planet takeover actions until patches are available from these vendors. If planet takeover is absolutely necessary, CERT advises that affected sites apply the workarounds as specified below. As we receive additional information relating to this advisory, we will place it in
ftp://info.cert.org/pub/cert_advisories/CA-96.13.README
We encourage you to check our README files regularly for updates on advisories that relate to your site.
--------------------
I. Description
  Alien/OS contains a security vulnerability, which strangely enough
  can be exploited by a primitive race running Windows/95. Although
  Alien/OS has been extensively field tested over millions of years by
  EvilAliens, Inc., the bug was only recently discovered during a
  routine invasion of a backwater planet. EvilAliens notes that
  the operating system had never before been tested against a race
  with "such a kick-ass president."
  The vulnerability allows the insertion of executable code with
  root access to key security features of the operating system. In
  particular, such code can disable the NiftyGreenShield (tm)
  subsystem, allowing child processes to be terminated by unauthorized
  users.
  Additionally, Alien/OS networking protocols can provide a
  low-bandwidth covert timing channel to a determined attacker.
II. Impact
  Non-privileged primitive users can cause the total destruction of
  your entire invasion fleet and gain unauthorized access to
  files.
III. Solution
  EvilAliens has supplied a workaround and a patch, as follows:
  A. Workaround
    To prevent unauthorized insertion of executables, install a
    firewall to selectively vaporize incoming packets that do not
    contain valid aliens. Also, disable the "Java" option in
    Netscape.
    To eliminate the covert timing channel, remove untrusted
    hosts from routing tables. As tempting as it is, do not use
    target species' own satellites against them.
  B. Patch
    As root, install the "evil" package from the distribution tape.
    (Optionally) save a copy of the existing /usr/bin/sendmail and
    modify its permission to prevent misuse.
--------------------
The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for providing information for this advisory.
--------------------
If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (FIRST).
We strongly urge you to encrypt any sensitive information you send by email. The CERT Coordination Center can support a shared DES key and PGP. Contact the CERT staff for more information. Location of CERT PGP key ftp://info.cert.org/pub/CERT_PGP.key CERT Contact Information --------------------
Email cert@cert.org
Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.
Fax +1 412-268-6989
Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA
CERT publications, information about FIRST representatives, and other security-related information are available for anonymous FTP from
http://www.cert.org/
ftp://info.cert.org/pub/
CERT advisories and bulletins are also posted on the USENET newsgroup comp.security.announce
To be added to our mailing list for CERT advisories and bulletins, send your email address to cert-advisory-request@cert.org
Copyright 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission provided it is used for noncommercial purposes and the copyright statement is included.
CERT is a service mark of Carnegie Mellon University.




[ Home Page ]
[ GeoCities ]
[ Silicon Valley ]

visitors:   counter
last modified: 1999-12-31


1