Return-Path: <nifl-technology@literacy.nifl.gov>
Received: from literacy (localhost [127.0.0.1]) by literacy.nifl.gov (8.10.2/8.10.2) with SMTP id fBNKTq005126; Sun, 23 Dec 2001 15:29:53 -0500 (EST)
Date: Sun, 23 Dec 2001 15:29:53 -0500 (EST)
Message-Id: <5.1.0.14.0.20011223123703.01f60ec0@mail.la-youth.org>
Errors-To: listowner@literacy.nifl.gov
Reply-To: nifl-technology@literacy.nifl.gov
Originator: nifl-technology@literacy.nifl.gov
Sender: nifl-technology@literacy.nifl.gov
Precedence: bulk
From: Jason <jason@la-youth.org>
To: Multiple recipients of list <nifl-technology@literacy.nifl.gov>
Subject: [NIFL-TECHNOLOGY:2161] Re: possible virus in your system
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Type: multipart/alternative;
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Status: O
Content-Length: 15820
Lines: 187
--=====================_958898==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed
BEFORE YOU DO ANYTHING ABOUT THE ALLEGED SULFNBK.EXE VIRUS READ THE
FOLLOWING from VMyths.com < http://vmyths.com/hoax.cfm?id=257&page=3 >:
sulfnbk.exe virus
(Not to be confused with the Honor System virus...)
A sulfnbk.exe virus alert surfaced in April 2001. The basic alert achieved
immense popularity with gullible users by late-May 2001. Antivirus vendors
declared it a hoax for the most part -- but Vmyths.com categorizes it as a
mass-hysteria urban legend.
Clueless people kept rewriting the sulfnbk.exe alert. They didn't seem
content to forward the warning they received...
Let's begin with a plausible scenario of how the sulfnbk.exe hysteria
began. Based on readers' input to our HoaxFYI service, here's what we think
really happened:
Someone's PC got infected with the well-known Magistr worm/virus. It
forwarded itself to others as an attachment in emails.
One of those emails went out with an attachment named SULFNBK.EXE. A
recipient detected the virus with antivirus software.
The recipient searched his PC for "sulfnbk.exe" -- and he found it. (It's a
standard Windows operating system file.) Yet, try as he might, he couldn't
get his antivirus software to detect a virus in that file. So he deleted it
from his PC.
The well-meaning recipient sent a warning to his colleagues telling them
how to search for the evil file.
Another well-meaning user received the warning, found the "virus" on his
own system, and sent a warning of his own. Another well-meaning user
received that warning, found the "virus" on his own system, and sent a
warning of his own. Another well-meaning user received that warning...
Many well-meaning users fell prey to False Authority Syndrome when they
"detected" SULFNBK.EXE on their computers. The alert took on numerous forms
in numerous languages -- because so many clueless people kept rewriting the
alert. They didn't seem content to just forward the original warning they
received...
McAfee confirms sulfnbk.exe warnings appeared in English, Spanish,
Portuguese, Dutch, and Italian. Vmyths.com saw French and German versions,
and we believe well-meaning users translated the warnings from one language
to another. (Caveat: based on readers' input to our HoaxFYI service,
Vmyths.com believes one of the more popular English variants derived from
McAfee's website.)
The sulfnbk.exe alert reached critical mass in late-May 2001, and concerned
users quickly made it one of the Top 50 search phrases on Lycos. Lycos
pundit Aaron Schatz reported "searches for the virus [began] about five
weeks ago and in the last two weeks have gone up an obscene 1410 percent."
Lycos listed it as the #2 search phrase for the week ending 2 June 2001.
Did you get duped? Did you delete the file? Do you want to repair your
self-inflicted damage? Click here for details.
Why did this urban legend turn so quickly into mass hysteria? Consider the
following:
The basic chain letter identifies an obscure file found on tens of millions
of PCs -- and it offers simple instructions on how to find the file in
question.
The file's associated icon looks childish, giving the impression an
immature hacker drew it.
Some variants warned the virus would activate on "May 25," thereby giving
the chain letter a heightened sense of urgency. Later variants warned the
virus would activate on 1 June.
Gullible users assumed they found a dangerous virus -- simply because they
found a file on their PC. They then fell victim to False Authority
Syndrome. (Vmyths.com surmises the 25 May & 1 June dates likewise devolved
from gullible users who suffer from False Authority Syndrome.)
Many variants of the chain letter urged people to forward the alert as part
of an apology letter: "if you detect the virus you in turn need to contact
everyone you have send [sic] ANY email to in the past few months and share
this waring [sic] with them."
One woman obediently wrote to her friends, "I am sorry if Sulfnbk is on
your computer..." A man wrote to his colleagues, "I maight [sic] have
unwittingly been spreading a virus via email..." These apology letters only
added to the confusion, which added to the hysteria's success. Mary
Landesman (antivirus.about.com) summed it up quite nicely: "hoaxes survive
simply by causing confusion." And the sulfnbk.exe hysteria did an excellent
job at causing confusion.
The hysteria probably also erupted for another set of reasons. Consider the
following:
Antivirus software regularly fails to detect newly discovered viruses.
Examples include Melissa, ExploreZip, MiniZip, BubbleBoy, ILoveYou,
NewLove, KillerResume, Kournikova, and NakedWife.
When antivirus software fails, it fails spectacularly. Examples include all
the end-of-the-world stories about Melissa, ILoveYou, and Kournikova.
Customers buy antivirus software knowing it will fail spectacularly.
So you're staring at a file on your PC. It's SULFNBK.EXE, just like your
podiatrist's secretary warned. Your antivirus software says "everything's
cool," but it said the same thing when Melissa & ILoveYou struck. What
would you do in this situation? It looks like people overwhelmingly trusted
their eyeballs more than their antivirus software.
Vmyths.com repeats -- the basic sulfnbk.exe alert shows all the markers of
an urban legend, not a "hoax." We've seen this type of mass hysteria before
and we'll probably see it again.
The correct translation
If we translate the sulfnbk.exe chain letter for the real world, it would
read as follows:
I went to the place where I work, and I shouted, and guess what? I got a
response. Creepy! I reloaded twice just to be sure. Trust me, you need to
follow these instructions.
Go to the place where you work.
Shout out, 'can anyone hear me?'
If you get a response, shoot to kill -- it's a homicidal maniac!
Well, actually, he's not a maniac yet. That's why the police can't help
you. But he'll turn into a homicidal maniac on June 1. Shoot him! Do it
right now! Better safe than sorry!
Good news: you killed the homicidal maniac. Bad news: everyone you spoke to
in the last few months now has a homicidal maniac at work. Warn all of your
friends!
--06/07/01
At 01:24 PM 12/23/2001 -0500, you wrote:
>sulfnbk.exe
#######################
Please check out our web site at <http//www.la-youth.org>
Do you shop on the web? You can help us financially at no additional cost
if you click through our shopping portal at
<http//www.youthcharitymall.com> We have 120 of the most popular shopping
sites and we will get up to 14% of what you spend as a referral fee from
the e-retailers.
Do you have a car to donate? For more info http://www.CarsForDonation.com
and then call us at 800-433-5111.
--=====================_958898==_.ALT
Content-Type: text/html; charset="us-ascii"
<html>
BEFORE YOU DO ANYTHING ABOUT THE ALLEGED SULFNBK.EXE VIRUS READ THE
FOLLOWING from VMyths.com <
<a href="http://vmyths.com/hoax.cfm?id=257&page=3" eudora="autourl">http://vmyths.com/hoax.cfm?id=257&page=3>
>:<br><br>
<font color="#FF0000"><b>sulfnbk.exe virus<br>
</b></font>(Not to be confused with the <font color="#0000FF"><i><u>Honor System</i> virus</u></font>...) <br>
A <i>sulfnbk.exe</i> virus alert surfaced in April 2001. The basic alert achieved immense popularity with gullible users by late-May 2001. Antivirus vendors declared it a hoax for the most part -- but Vmyths.com categorizes it as a <b>mass-hysteria urban legend</b>. <br>
<table border=1>
<tr><th width=170><font color="#0000FF"><b><u>Clueless people</u></font> kept <font color="#FF0000">rewriting</font> the <i>sulfnbk.exe</i> alert. They didn't seem content to forward the warning they received... </b></th></tr>
</table>
Let's begin with <b>a plausible scenario</b> of how the <i>sulfnbk.exe</i> hysteria began. Based on readers' input to our <font color="#0000FF"><u>HoaxFYI</u></font> service, here's what we think <i>really</i> happened:
<dl>
<dd>Someone's PC got infected with the well-known <font color="#0000FF"><i><u>Magistr</i> worm/virus</u></font>. It forwarded itself to others as an attachment in emails.
<dd>One of those emails went out with an attachment named SULFNBK.EXE. A recipient detected the virus with antivirus software.
<dd>The recipient searched his PC for "sulfnbk.exe" -- and he found it. (It's a <font color="#0000FF"><u>standard Windows operating system file</u></font>.) Yet, try as he might, he couldn't get his antivirus software to detect a virus in <i>that</i> file. So he deleted it from his PC.
<dd>The well-meaning recipient <i>sent a warning</i> to his colleagues telling them how to search for the evil file.
<dd>Another well-meaning user received the warning, found the "virus" on his own system, and sent a warning of his own. Another well-meaning user received <i>that</i> warning, found the "virus" on his own system, and sent a warning of his own. Another well-meaning user received <i>that</i> warning...
</dl>Many well-meaning users fell prey to <font color="#0000FF"><u>False Authority Syndrome</u></font> when they "detected" SULFNBK.EXE on their computers. The alert took on numerous forms in numerous languages -- because so many clueless people kept rewriting the alert. They didn't seem content to just forward the original warning they received... <br>
McAfee confirms <i>sulfnbk.exe</i> warnings appeared in English, Spanish, Portuguese, Dutch, and Italian. Vmyths.com saw French and German versions, and we believe <b>well-meaning users</b> translated the warnings from one language to another. (<i>Caveat:</i> based on readers' input to our <font color="#0000FF"><u>HoaxFYI</u></font> service, Vmyths.com believes one of the more popular English variants <font color="#0000FF"><u>derived</u></font> from McAfee's website.) <br>
The <i>sulfnbk.exe</i> alert reached critical mass in late-May 2001, and concerned users quickly made it one of the <font color="#0000FF"><u>Top 50 search phrases on Lycos</u></font>. Lycos pundit Aaron Schatz reported "searches for the virus [began] about five weeks ago and in the last two weeks have gone up an obscene 1410 percent." Lycos listed it as <i>the #2 search phrase</i> for the week ending 2 June 2001. <br>
<table border=1>
<tr><th width=170><b>Did you get duped? Did you <font color="#FF0000">delete</font> the file? Do you want to <font color="#FF0000">repair</font> your self-inflicted damage? <font color="#0000FF"><u>Click here for details</u></font>. </b></th></tr>
</table>
Why did this urban legend turn so quickly into mass hysteria? Consider the following:
<dl>
<dd>The basic chain letter identifies an <b>obscure file</b> found on tens of millions of PCs -- and it offers simple instructions on how to <i>find</i> the file in question.
<dd>The file's associated <font color="#0000FF"><u>icon</u></font> looks childish, giving the impression an immature hacker drew it.
<dd>Some variants warned the virus would activate on "May 25," thereby giving the chain letter a heightened sense of urgency. Later variants warned the virus would activate on 1 June.
<dd>Gullible users assumed they found a dangerous virus -- simply because they found a file on their PC. They then fell victim to <font color="#0000FF"><u>False Authority Syndrome</u></font>. (Vmyths.com surmises the 25 May & 1 June dates likewise devolved from gullible users who suffer from <font color="#0000FF"><u>False Authority Syndrome</u></font>.)
<dd>Many variants of the chain letter urged people to forward the alert as part of an <b>apology letter</b>: "if you detect the virus you in turn need to contact everyone you have send [<i>sic</i>] ANY email to in the past few months and share this waring [<i>sic</i>] with them."
</dl>One woman obediently wrote to her friends, "I am sorry if Sulfnbk is on your computer..." A man wrote to his colleagues, "I maight [<i>sic</i>] have unwittingly been spreading a virus via email..." These apology letters only added to the confusion, which added to the hysteria's success. Mary Landesman (antivirus.about.com) <font color="#0000FF"><u>summed it up</u></font> quite nicely: "hoaxes survive simply by causing confusion." And the <i>sulfnbk.exe</i> hysteria did an <i>excellent</i> job at causing confusion. <br>
The hysteria probably also erupted for another set of reasons. Consider the following:
<dl>
<dd>Antivirus software regularly fails to detect newly discovered viruses. Examples include <i>Melissa</i>, <i>ExploreZip</i>, <i>MiniZip</i>, <i>BubbleBoy</i>, <i>ILoveYou</i>, <i>NewLove</i>, <i>KillerResume</i>, <i>Kournikova</i>, and <i>NakedWife</i>.
<dd>When antivirus software fails, it fails spectacularly. Examples include all the end-of-the-world stories about <i>Melissa</i>, <i>ILoveYou</i>, and <i>Kournikova</i>.
<dd>Customers buy antivirus software knowing it will fail spectacularly.
</dl>So you're staring at a file on your PC. It's SULFNBK.EXE, just like your podiatrist's secretary warned. Your antivirus software says "everything's cool," but it said the same thing when <i>Melissa</i> & <i>ILoveYou</i> struck. What would you do in this situation? It looks like people overwhelmingly trusted their eyeballs more than their antivirus software. <br>
Vmyths.com <b>repeats</b> -- the basic <i>sulfnbk.exe</i> alert shows all the markers of an urban legend, <i>not</i> a "hoax." We've seen this type of mass hysteria <font color="#0000FF"><u>before</u></font> and we'll probably see it <font color="#0000FF"><u>again</u></font>. <br>
<font size=5><b>The <i>correct</i> translation<br>
</b></font>If we translate the <i>sulfnbk.exe</i> chain letter for the real world, it would read as follows: <br>
<i>I went to the place where I work, and I shouted, and guess what? I got a response. Creepy! I reloaded twice just to be sure. Trust me, you need to follow these instructions. <br>
Go to the place where you work. <br>
Shout out, 'can anyone hear me?' <br>
If you get a response, shoot to kill -- it's a homicidal maniac! <br>
Well, actually, he's not a maniac yet. That's why the police can't help you. But he'll turn into a homicidal maniac on June 1. Shoot him! Do it right now! Better safe than sorry! <br>
Good news: you killed the homicidal maniac. Bad news: everyone you spoke to in the last few months now has a homicidal maniac at work. Warn all of your friends! <br>
--06/07/01<br>
</i> <br><br>
At 01:24 PM 12/23/2001 -0500, you wrote:<br>
<blockquote type=cite class=cite cite>sulfnbk.exe </blockquote>
<x-sigsep><p></x-sigsep>
#######################<br><br>
Please check out our web site at <http//www.la-youth.org> <br><br>
<font color="#FF0000">Do you shop on the web?</font> You can help us financially at no additional cost if you click through our shopping portal at <http//www.youthcharitymall.com> We have 120 of the most popular shopping sites and we will get up to 14% of what you spend as a referral fee from the e-retailers. <br><br>
<font color="#FF0000">Do you have a car to donate?</font> For more info <a href="http://www.carsfordonation.com/" eudora="autourl"><font color="#0000FF"><u>http://www.CarsForDonation.com></u></font> and then call us at 800-433-5111.<br>
</html>
--=====================_958898==_.ALT--
This archive was generated by hypermail 2b30 : Fri Jan 18 2002 - 11:31:27 EST