E-mail Forwards
I received one too many stupid e-mail forwards today, and snapped. This was originally going to be sent back to the person who sent it to me, as well as the reels of other e-mail addresses in the headers, but I decided against it and have blogged here instead.
A little knowledge goes a long way...
The e-mail I dissect below and many others like it get passed around the
internet like wildfire because it's easier to notice the CAPITAL LETTERS and
hit 'Forward' than it is to spend 30 seconds reading the text thoroughly and
realising it's mostly nonsensical junk.
(The full body of the original message is at the end of this e-mail)
> This is not a joke!
Yes, it is. The mere fact that this phrase is contained (as the first line, no
less) in the message pretty convincingly discredits what's going to follow. How
many real security bulletins have to reassure the reader that it's all true?
The message probably originated from someone who a) was bored, b) thought it
would be hilarious to waste their and others' time, or c) had nothing better to
do than spread a bit of good ol' fashioned FUD (see
http://en.wikipedia.org/wiki/FUD )
> Please Be Extremely Careful especially if using internet mail such
> asYahoo, Hotmail, AOL and so on.
Funny, that. Yahoo, Hotmail and AOL are arguably the 3 biggest webmail
services, so when it says 'especially' it's probably referring to the majority
of people who receive this mail.
In addition to this, there is nothing whatsoever to make a webmail user more
susceptible to this perceived threat than a user who reads email in a dedicated
client such as Mozilla Thunderbird (which is Free!
http://www.mozilla.org/products/thunderbird/)
> This information arrived this morning direct from both Microsoft and Norton.
It did? To whom was this information directly sent? Strange that this
supposedly critical revelation gets no mention on any of the news sites, or
Microsoft or Norton's web sites.
> Please send it to everybody you know who has access to the
> Internet.
Yes! Spread the FUD far and wide!
> You may receive an apparently harmless email with a Power Point
> presentation
> "Life is beautiful." If you receive it DO NOT OPEN THE FILE UNDER ANY
> CIRCUMSTANCES . Delete it immediately. If you open this file, a message
> will appear on your screen saying: "It is too late now, your life is no
> longer beautiful."
OK, up until this point the actions of opening a Powerpoint file from an e-mail
have been feasible. However...
> Subsequently you will LOSE EVERYTHING IN YOUR PC...
What?! We've rocketed out of the realms of possibility now. Powerpoint is
designed for PRESENTATIONS. Not erasing your hard drive. It may well be the
case that Powerpoint has an implementation of Visual Basic for Applications,
but this is designed for automating simple tasks and adding some basic
scripting capabilities to your slides, not evil subterfuge.
Having said that, VBA *is* capable of some nasty things, and not being a
Powerpoint guru (I've never used it) I can only assume there isn't a
dialog asking if the file has come from a trusted source that the user has
to acknowledge before any scripts are executed. Otherwise why do so many
people fall victim to it?
> ...and the person who sent it to you will gain access to your name, e-mail
and password.
Let's get this straight... The person who sent *you* the e-mail will get your
name? Shock horror! Wouldn't they already have known that?
As for getting your e-mail and password, this is ridiculous. The password is
stored as a one-way hash (meaning there is no 'decryption' routine, just
brute-force attacking which takes a *long* time), and it would be very
difficult for a humble presentation to find and crack this hash.
I'm not entirely sure what is meant by 'gaining access to your e-mail', but
considering the target audience of this message is webmail users, it seems to
be a contradiction because the user's e-mail messages are stored on a remote
server.
> This is a new virus which started to circulate on Saturday afternoon.
> AOL has already confirmed the severity, and the antivirus software's
> are not capable of destroying it. The virus has been created by a hacker
> who calls himself "life owner."
AOL are backing up these claims of widespread data-loss and anguish are they?
Then why do I see no mention of it on their website? I must admit, that titbit
of information, the hacker's name, almost convinced me the story was real for a
second there. I almost found myself forwarding the mail to everyone I know and
then sweating with anticipation of the next message to hit my inbox lest it
carry the dreaded 'Life is beautiful.'
> PLEASE SEND A COPY OF THIS EMAIL TO ALL YOUR FRIENDS and ask
> them to PASS IT ON IMMEDIATELY.
This is the one part of the e-mail I do agree with. Why don't you forward
*this* e-mail on to everyone who would otherwise have received the original
message from you? Why not send it back to the person who sent you the mail in
the first place? Arming yourself with some knowledge isn't a bad idea, and
sharing that knowledge is even better.
Life *is* beautiful, why not make your inbox beautiful too?
---- Original Message ----
>>Subject: VIRUS WARNING
>>Date: Wed, 16 Nov 2005 07:53:49 +0000 (GMT)
>>
>>This is not a joke!
>>
>>Please Be Extremely Careful especially if using internet mail such
>> asYahoo,
>>Hotmail, AOL and so on. This information arrived this morning direct from
>>both Microsoft and Norton.
>>
>>Please send it to everybody you know who has access to the
>>Internet.
>>
>>You may receive an apparently harmless email with a Power Point
>>presentation
>>"Life is beautiful." If you receive it DO NOT OPEN THE FILE UNDER ANY
>>CIRCUMSTANCES . Delete it immediately. If you open this file, a message
>>will appear on your screen saying: "It is too late now, your life is no
>>longer beautiful."
>>Subsequently you will LOSE EVERYTHING IN YOUR PC and the person
>>who sent it to you will gain access to your name, e-mail and password.
>>This is a new virus which started to circulate on Saturday afternoon.
>>AOL has already confirmed the severity, and the antivirus software's
>>are not capable of destroying it. The virus has been created by a hacker
>>who calls himself "life owner."
>>
>>PLEASE SEND A COPY OF THIS EMAIL TO ALL YOUR FRIENDS and ask
>>them to PASS IT ON IMMEDIATELY.
[ Entry posted at: Thu 24 Nov 2005 00:56:05 UTC | Comments: 1 | Cat: Rant ]