From: Pat Hafford [pah@dcgserv.cnd.hp.com] Sent: Monday, March 23, 1998 9:24 AM To: 'chymes@cup.hp.com' Cc: 'pah@dcgserv.cnd.hp.com' Subject: Forwarded: Re: Virus Alert!!! Charles- I read the message describes below (Look Before You Buy) and wonder if my Unix workstation is infected???? I have forwarded your "Penpal" response to numerous folks who have had virus scares, but am unclear in this situation. (Your messsage follows the "Virus Warning" message from Larisa Cannon.) -------- Forwarded Message >From LARISA_CANNON@NON-HP-FtCollins-om4.om.hp.com Tue Nov 11 13:04:40 MST 1997 Received: from outside.cnd.hp.com by dcgserv.cnd.hp.com with ESMTP (1.37.109.16/15.5+ECS 3.3) id AA148948679; Tue, 11 Nov 1997 13:04:40 -0700 Return-Path: Received: from hpfcla.fc.hp.com by outside.cnd.hp.com with ESMTP (1.37.109.16/15.5+ECS 3.3) id AA197758667; Tue, 11 Nov 1997 13:04:27 -0700 Received: from omgw1.boi.hp.com by hpfcla.fc.hp.com with ESMTP (1.37.109.20/15.5+IOS 3.20) id AA063808665; Tue, 11 Nov 1997 13:04:25 -0700 Received: from localhost (root@localhost) by omgw1.boi.hp.com with SMTP (8.7.1/8.7.3 TIS 5.0 Openmail) id NAA17790; Tue, 11 Nov 1997 13:04:29 -0700 (MST) >From: LARISA_CANNON@NON-HP-FtCollins-om4.om.hp.com X-Openmail-Hops: 3 Priority: Urgent Importance: High Date: Tue, 11 Nov 97 13:02:49 -0700 Message-Id: Subject: Re: Virus Alert!!! Mime-Version: 1.0 To: PDL-MRC_CO-GROUP/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_CONVEX/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_CSG/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_CSY/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_ECO/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_EEBU/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_ESO/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_ESSD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_ESY/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_FSBU/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_INET-MKTG/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_INET-TECHNOLOGY/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_ISD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_MDD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_NCD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_NET-METRIX/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_NSD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_OSSD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_OVSD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_PANACOM/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_PLANNING/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_PSO/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_SALES-MKTG/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_SBU/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_SESD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_SSD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_SSG/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_STD/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_STG/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_SYMANTEC/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_TCBU/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_TSBU/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_UDL/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_WSY/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_WTC/HP-FtCollins_pdl4@omgw1.boi.hp.com, PDL-MRC_YHP/HP-FtCollins_pdl4@omgw1.boi.hp.com Content-Type: text/plain; charset=US-ASCII; name="cc:Mail" Content-Disposition: inline; filename="cc:Mail" Content-Transfer-Encoding: 7bit Status: R FYI -- As you may know, we accidentally sent out an email this morning that contained a virus. The message had the title "FIRST Intranet 'Look before you Buy' Offer". IF YOU HAVE NOT READ THAT MESSAGE, PLEASE DELETE IT IMMEDIATELY! If you have already opened that email, your computer may have been infected, and you are advised to run an Anti-Virus program. Please contact your local IT department for more information. We sincerely apologize for any inconvenience. CO MRC Staff > > The warning you received about a "PenPal Greetings" virus is a HOAX. > is a cheap copy of the "Good Times" hoax and the "Deeyenda" hoax, and > several others. Spread the word to all you forwarded a warning to! > Don't Cry Wolf! > > How do I know its a hoax? > 12 years exploring and fighting viruses on various OS's > 10 years internet experience > 6 years writing low level TCP/IP (internet) software > > For the more information check out: > 1."Good Times" http://www.hr.doe.gov/goodtime.html > 2. Deeyenda, Irina, and Ghost > http://ciac.llnl.gov/ciac/bulletins/h-05.shtml > > Anyway, there is ABSOLUTELY NO WAY** for an e-mail message to infect > your computer with a virus just by reading it. The reasons are > technical, but it boils down to this: ONLY EXECUTABLE FILES CAN CARRY > VIRUSES. E-MAIL, USENET and other data files are NOT EXECUTABLE. > > > Note however, that it IS possible to download an executable program > through e-mail, or through your web browser. For heaven's sake > DON'T RUN A PROGRAM FROM A SOURCE YOU DON'T HAVE VERY GOOD REASON > TO TRUST! If your browser or e-mail reader does not ask you permission > before it runs a downloaded program, THROW THAT BROWSER OR READER > AWAY! It's no more useful than a door to your house that can't keep > anyone out. > Furthermore, some messages include executable Macros, that run on word > processors or other applications. These have exactly the same issues > as other executable files included in messages. > > And here are some authoritative sources of information. > > 1.Computer Emergency Response Team > 2.Computer Incident Advisory Capability > > Why not cry wolf? Why not "err on the side of caution?" > First, remember the Aesop's Fable. You will loose credibility giving a > warning that later turns out to be false. Especially when the hoax > depends on people not knowing about viruses and the internet. > Second, you are promoting general anxiety about computers and the internet > which convinces users that such things are dangerous and > difficult, and should be avoided. > Third, You miss the opportunity to use new tools and technology. For > example, some managers are saying things like "Don't read messages > from the internet, you could put a virus on our network." > Fourth, You are throwing dirt in our own feeding trough. If we want make > money selling Internet solutions, we should not be promoting the > idea that internet technologies are catastrophically dangerous. > > I have been maintain information on internet hoaxes for several years. My > web page, > > http://www.csmil.umich.edu/~chymes/newusers/Think.html > > Has been recognized by Yahoo, Information Age, America Online, The United > State Department of Commerce, and several print newspapers and magazines > as a useful site to debunk internet hoaxes. PLEASE READ THIS for more > information. > > Charles Hymes > Sr. Human Factors Engineer > Hewlett-Packard Company > 408-447-2340 > _______________