Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

It's the End of the World (as we know it)

Alan Solomon

[Back to index] [Comments]

In the old days only bearded techies with sandals were on the Internet. They were heavily into computers, they understood how computers worked (they had to in order to get on the net in the first place) - in a nutshell they were academic types.

But times have changed. Today "the information superhighway" has caught the public's imagination, and Joe Public can't go anywhere without seeing magazines blaring on about the importance of being "wired" and how they're not anyone in the nineties if they've not got a webpage.

And today the guys with the beards and sandals are in the minority becoming vastly outnumbered by the masses on America OnLine, CompuServe, MSN, and other easy-to-use service providers. Not all these service providers necessarily offer the same abilities as a raw direct connection to the net, but that doesn't matter to the masses. They want something that's pretty, and simple to navigate about with using a mouse, and - most vitally - gives them email.

With email they can make friends, and keep in touch with people they would never dream of telephoning or writing a letter to. It's quick and simple and doesn't require walking down the road to a post box.

Furthermore if someone emails you a funny joke you can forward it to all your friends. Very little effort and everyone thinks you're the funniest chap around.. and no chance of you fluffing the punch line.

Another great thing about the internet is it can give people a sense of community. Anyone who has dropped into a newsgroup like alt.comp.virus soon finds out that it's the equivalent of meeting friends down the pub. Although people are always quick to assist those who have a virus problem, they're also there to chat about anything and everything.

I have an account with an online conferencing system. Its Internet connection is pretty lousy, its newsfeed is patchy, but the reason why I and thousands of others choose to stay with it is because it's "comfortable", it's a community, it's where our friends hang out.

As well as sharing jokes with friends to keep them amused, we're also concerned about their welfare. And if we hear about a problem it's natural to warn our friends as well.

It is this concern for fellow computer users which has ignited hoaxes into a significant problem.

Mosan-aki Hoax

This is a hoax, not a virus. The subject of the e-mail is: "Change of screen name", while the message contains the text shown below:

You have have just been given the mosan-aki virus, It is new to virus and detecters can't reconnize it. If you don't send this to AT LEAST 7 people the virus will get into the system!!!!!!!!!!!!!!

Win a Holiday

'Win a Holiday' is a hoax not a virus. The contents of the e-mail message is shown below. You are advised not to forward messages about non-existent viruses, as this will only help to propagate them further.

Text of 'Win a Holiday' Hoax:

VIRUS WARNING !!!!!!

If you receive an email titled "WIN A HOLIDAY" DO NOT open
it. It will erase everything on your hard drive. Forward
this letter out to as many people as you can. This is a
new, very malicious virus and not many people know about
it. This information was announced yesterday morning from
Microsoft; please share it with everyone that might access
the internet. Once again, pass this along to EVERYONE in
your address book so that this may be stopped.

Also, do not open or even look at any mail that says
"RETURNED OR UNABLE TO DELIVER" This virus will attach
itself to your computer components and Render them useless.
Immediately delete any mail items that say this. AOL has
said that this is a very dangerous virus and that there is
NO remedy for it at this time. Please practice cautionary
measures and forward this to all your online friends ASAP.

For further information, please contact your nearest Dr. Solomon's Technical Support site.

The 'Mother' of all hoaxes has to be "Good Times":

Good Times

There are a number of different versions of Good Times, some are more elaborate than others. Here's an example Good Times warning:

Here is some important information. Beware of a file called Goodtimes.

Happy Chanukah everyone, and be careful out there.There is a virus on America Online being sent by E-Mail. If you get anything called "Good Times", DON'T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot.

Messages similar to the one above began to be spread around the net and the internal mail systems of corporate companies in 1994. It has propagated itself extremely well, and media organizations have not helped the problem by on occasion printing the hoax as fact (and thus adding even more credibility to the story).

Those of us with knowledge of how viruses can and cannot work knew instantly that Good Times was a hoax, but the average user who knows little about computers let alone viruses could easily believe the message. This belief was further encouraged when another version of the hoax claimed that the US FCC (Federal Communications Commission) had issued a warning about the "virus". The FCC were quick to debunk this but of course few people took time to check.

After it's initial burst in 1994, Good Times went quiet for a while. Many people breathed a sigh of relief hoping we had seen the last of it. But then it burst into life again - if anything even more brightly than before.

The theory is that every so often a hoax will "get lucky" again. Just like a virus can "get lucky" by being accidentally shipped with commercial software, or being made available on a popular website, so a hoax can become lucky if some (albeit well-intentioned) individual or company receives the hoax warning and decides to "tell all their friends".

This behaviour has also been seen in many of the other hoaxes discussed in this paper.

In summary (I feel I have to say this every time): Good Times is a hoax, not a real virus.

Irina

I first heard of Irina on the morning of September 20th 1996. It was the second morning of the Virus Bulletin conference in Brighton, England, and I received a message to call Robert Uhlig of The Daily Telegraph about a brand new virus called "Irina".

Uhlig asked me if we detected the virus and I responded that the name was unfamiliar to me (maybe it was a new virus which another anti-virus company had named?) and asked him for more information.

It transpired that Robert Uhlig had received a mail from a Professor Edward Prideaux at the College of Slavonic Studies warning of the new virus.

A computer virus is being sent across the Internet. If you receive an e-mail message with the subject line "Irina", DO NOT read the message. DELETE it immediately. Some miscreant is sending people and files under the title "Irina". If you receive this mail or file, do not download it. It has a virus that rewrites your hard drive, obliterating anything on it. Please surf carefully and forward this mail to anyone you care about.

As Uhlig began to describe what the virus was supposed to do it became obvious that it was a hoax. After a little investigation the whole story then began to emerge..

The Irina hoax was a "marketing ploy" by a UK publisher, Penguin Books, to promote a new book of theirs. Guy Gadney, the former head of electronic publishing at Penguin, sent out a "virus alert" in an attempt to stir up interest in their new book. Unfortunately the alert did not make clear that it was a hoax and not supposed to be taken seriously.

The alert claimed to be from a Professor Edward Prideaux at the College of Slavonic Studies in London. The College of Slavonic Studies does not exist, but London's School of Slavonic and East European Studies was reportedly inundated with calls to the fictitious Professor Prideaux.

Although Gadney sent out a second letter explaining that the first was a hoax, it has done little to stop the spread of the alert, and it is now beyond anyone's control.

To promote "Irina" Penguin Books targeted the science fiction community and a significant number of science fiction periodicals and writers (many of whom had an internet connection) received the original version of the hoax.

The United Kingdom science fiction magazine Ansible was one of the publications to pick up on the story, and they did their best to limit the spread of the panic in Issue 111 (reprinted with permission from the editor of Ansible magazine):

"The hoax flyer was traceable, through characteristic typos in address labels, to the Penguin sf review mailing list! Several people alerted Penguin to the abuse of their database ... only to be gobsmacked by flyer #2, this time on Penguin notepaper, which coyly began:

`You may have received a letter from a Professor Edward Prideaux recently falsely warning of a virus called "Irina". Please note that "Irina" _is not a virus_, and the views of Prof. Prideaux are not those of Penguin Books. "Irina" is the title of Penguin Books' ground-breaking interactive novel ... put together by the science fiction author, Stephen Baxter, by Guy Gadney, former Head of Electronic Publishing at Penguin, and Hugh Barnes, an Executive Editor at Penguin.'

That is, Penguin had started a virus scare (which of course went round the world by e-mail in mere hours) simply to promote the bloody book. Steve Baxter hastened to proclaim his innocence:

`I did know they were planning a teaser-type PR campaign, but....'

Various net and virus pundits pissed on Penguin from a great height; the Telegraph (23 Sept) quoted Guy Gadney as blandly saying,

`It is very unfortunate that we have created a scare -- it was not our intention.'

Ansible wondered whether what seemed daft here would pass unremarked in the hurly-burly of New York publishing ... but Patrick Nielsen Hayden of Tor assured me,

`If my publicity people had done that, I'd hang them out to dry, and you may quote me to the fine people at Penguin UK. [] What's most offensive is their obvious belief that their need to publicize Baxter's book is more important than the rules of courtesy and common sense followed by the internet's little people. I'm sure I could get a lot of publicity by towing a billboard for my books down the wrong side of Fifth Avenue at seventy-five miles an hour, too, but it wouldn't make it a smart thing to do.'

Now Guy Gadney explains:

`The intention of the release was to convey the tone and the conspiratorial nature both of the plot of the novel, and of some areas of the Internet itself.'

(Thus, for example, a book about political assassination might similarly have been promoted by mailing death threats to cabinet ministers ... plenty of publicity there.)

`Of course, we were keen that the information should be kept by the journalists and not sent out electronically.'

(Disingenuous. To quote the first flyer: `Please be careful and forward this mail to anyone you care about ... Alert your friends and local system users.' Now, boys and girls, when people are urgently told to warn their e-mail contacts, what route are they most likely to use?)

`To this end, the release was sent in hard copy by post to named individuals to avoid any wider dissemination.'

(I'm certainly glad it didn't go to any of that notoriously indiscreet subset of humanity which lacks names. Sending scary information to journalists is of course a well-known way `to avoid any wider dissemination'.)

`We also took steps to make sure that neither Professor Prideaux nor the College of Slavonic Studies exist outside the novel itself.'

(It's good to know that some people have the integrity to make Really Sure they're signing a false name.)

`As regards the project itself, Stephen and I have been working together to produce what we believe is a true and seamless joining of technology and fictional story-telling. Based around the web sites of the key characters rather than an episodic, page-turning exercise, Irina is a ground-breaking project both for Stephen and Penguin. [] I am sorry about any misunderstanding and hope that you will find Irina interesting.'

(Er, what misunderstanding? A straightforward `Sorry we acted like utter loons' would have been more to the point, but let it pass....)

clipping from Ansible Issue 111

Ansible wrote again about the Irina fiasco in their next edition, where they revealed that Penguin Books were taking an interesting approach to the problem.

MAD PENGUIN DISEASE.

Because I am a kindly soul, I don't really want to go on and on at Penguin for their lame-brained publicity stunt of a computer virus hoax. However ... the lie still continues to propagate around the net, and Penguin's Guy Gadney has developed a damage-control response which irritatingly glosses over little matters like culpability:

`There is an Interactive Novel which you can access from the Penguin Books homepage at www.penguin.co.uk called "Irina" after the main character Irina Zotova. This has conflicted with reports of a virus called Irina which does not exist and the Professor Edward Prideaux mentioned is a character in the story. The virus rumour has been checked by experts in the UK and it has been confirmed that there is currently no "Irina" virus to guard against and that an email erroneously circulated to a mailing list was at the root of this rumour.'

Admiring this wholehearted apology, this eager readiness to shoulder the blame, one is compelled to the realization that Guy Gadney is wasted in publishing and should move to a career in politics. As soon as possible.

clipping from Ansible Issue 112

At the time it was suggested that Penguin Books should provide a statement on their website, reassuring computer users that the Irina virus was a hoax, but to my knowledge nothing appeared. Furthermore I was bombarded with requests for Guy Gadney's email address (I do have it, but I declined all requests in a rare display of mercy) from system administrators who wanted to forward their panicking users directly to him.

It seems I wasn't alone in receiving requests for details on how to have Gadney's head on a silver plate, as in the 3rd December 1996 edition of PC Week (UK Edition) one reader wrote in:

Getting back at Penguin

Thank you for revealing Penguin Books' cruel Irina hoax (PC Week 26 November) which has caused us a lot of problems with concerned users.

Why don't you publish the Email address of the person responsible or of the editor-in-chief? We could then forward every single mail we've received from our panicked users over the past few weeks

Mat Ellis

[email protected]

Editor replies:

We have received a letter from Penguin's publicity director apologizing (sic) for the concern its spoof caused.

clipping from PC Week (UK), December 3rd 1996

I am sure that Penguin Books are extremely embarrassed by the whole incident, and will be vary wary of conducting a similar spoof to promote a new publication in the future. Other companies should observe Penguin's discomfort and avoid engaging in similar publicity stunts.

None of this, of course, stops the hoax from spreading and unfortunately, many companies and individuals continue to fall for this hoax. It could be argued that in this way Irina "got lucky". By sneaking into a message from an anti-virus company it gained the ultimate credibility.

In summary (sorry if this is getting tedious.. but we need to get the message across): Irina is a hoax, not a real virus.

Deeyenda

In many ways Deeyenda is similar to the Good Times hoax. The warning shares similarities (even dragging the FCC in again) and claims to spread in the same way (by reading a message with a particular subject line).

VERY IMPORTANT INFORMATION. PLEASE READ! There is a computer virus that is being sent across the internet. If you receive an email message with the subject line "Deeyenda", DO NOT read the message. DELETE it immediately! If you run across anything like this DON'T DOWNLOAD THE FILE! It has a virus that rewrites your hard drive, obliterating anything on it. Please be careful and forward this message to anyone who you believe this may affect. The message below gives additional information.

FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET The Internet community has again been plagued by another computer virus. This message is being spread throughout the Internet, including USENET posting, EMAIL, and other Internet activities. The reason for all the attention is because of the nature of this virus and the potential security risk it makes. Instead of a destructive Trojan virus (like most viruses!), this virus referred to as Deeyenda Maddick, performs a comprehensive search on your computer, looking for valuable information such as email and login passwords, credit cards, personal inf., etc.

The Deeyenda virus also has the capability to stay memory resident while running a host of applications and operation systems, such as Windows 3.11 and Windows 95. What this means to Internet users is that when a login and Password are sent to the server, this virus can copy this information and SEND IT OUT TO AN UNKNOWN ADDRESS (varies). The reason for this warning is because the Deeyenda virus is virtually undetectable. Once attacked, your computer will be unsecure. Although it can attack any O/S, this virus is most likely to attack those viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet Explorer 3.0+ which are running under Windows 95). Researchers at Princeton University have found this virus on a number of World Wide Web pages and fear its spread.

Please pass this on, for we must alert the general public of the security risks.

It was pointed out to me sometime after I first encountered the Deeyenda hoax that "Deeyenda Maddick" sounds phonetically like "The end of my dick". I guess that I was not alone in failing to spot that, and maybe that is once again an effect of communicating via email. If I was discussing this email message face-to-face with someone then the crude joke in the name would have become apparent. Electronic discussion, however, fails to make it obvious.

In summary: Deeyenda is a hoax, not a real virus.

[Back to index] [Comments]
By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxheaven.org aka vx.netlux.org
deenesitfrplruua