Viruses and Hoaxes - Virus Bulletins - Security Bulletins

DON'T FORWARD
CHAIN LETTERS!

Some Internet Service Providers prohibit their users from sending chain letters. Please, review your ISP's Terms of Use, or its Acceptable Use Policy. Failing to abide by their policy may cause you to have your e-mail account terminated.

 

"Myths, urban legends and even medical quackery have been around for generations. But experts say the wide-open nature of e-mails and the World Wide Web -- where millions of bits of information can travel the globe in seconds -- make the problem even harder to deal with."

Fox News Channel
15 Mar 00

 

Not sure about a threat? We'll be glad to check it out for you with a word of explanation on how you received it. E-mails forwarded without explanation will be treated as a virus and deleted. Send your question to: security@sdsltd.com
HOAX BULLETINS
Last Update: 12 May 03 
"The Environment in CyberSpace"
Hoaxes, Chain Letters and their aliases
 
Not on this list? Did you check all the aliases? If not listed above, then enter a keyword in the search function of one of these sites:

And for a bit of educational humor:

Back to Virus and Hoaxes Main Page
DON'T FORWARD CHAIN LETTERS
Some Internet Service Providers prohibit their users from sending chain letters.
Please, review your ISP's Terms of Use, or its Acceptable Use Policy. Failing to abide by
their policy may cause you to have your e-mail account terminated.
• HOAX BULLETIN #5 - WOBBLER
AKA California Virus, Let's Watch TV, Kali, How to Give a Cat a Colonic
 (March 2000)
Well, an old virus warning HOAX is on the prowl again, making the e-mail rounds. But by now, no doubt, you have become a pro at recognizing the hoaxes. This one has several names, as shown in the article from The Age, an Australian newspaper, with a Paris dateline. It's called "Wobbler," or "California" or "How to Give a Cat a Colonic." That last name is old and so is the hoax. Read the article at Hoax virus warning distributed on the Internet (The Age, Australia, 23 Feb 2000). You can read the hoax explanations at one of several sites:
• HOAX BULLETIN #6 - COSTA RICA BANANAS
(March 2000)  
Egad! Another foreign threat! "Several shipments of bananas from Costa Rica have been infected with
necrotizing fasciitis, otherwise known as flesh eating bacteria... valided by the Center for Disease Control..." Okay, that's just enough of the quote to give you a flavor of the HOAX. Don't you think that if there were any truth to this, you would have heard it on the news?
• HOAX BULLETIN #7 - A VIRTUAL CARD FOR YOU
AKA Una Tarjeta Virtual, Una Cartolina Virtuale, Panic in New York
Variant of Good Times hoax
 (9 January 2001 - Updated 23 September 2001)
 
This virus warning is a HOAX. It's circulating around the Internet in several languages. Check these out:
• HOAX BULLETIN #8a - JANE FONDA
 (25 January 2001)
It matters not what we think of Jane Fonda. What matters is that the information we disseminate on the Internet is accurate. An e-mail is circulating which "blends fact and fiction." I urge you to correct the erroneous information. The correction is provided by Prof. Charles Klingman, whose name appears at the bottom of the hoax you might receive, and he is NOT the originator of the story. Please refer your senders to this page on the Sherman Dynamics & Security Ltd. (SDSL) site.
• HOAX BULLETIN #8b - KLINGERMAN VIRUS SENT VIA SNAIL MAIL
(25 January 2001)
"Someone is sending sponges carrying a deadly 'Klingerman virus' to victims via U.S. Mail." The HOAX e-mail SDSL received has the signature block of the Yale New Haven Hospital and a telephone number. Besides having all the earmarks of a hoax, anyone bothering to call the number will be immediately straightened out as to the validity of the information! It is, indeed, a hoax... As the University of Michigan page says, "Hmmm. 23 cases? That would have made the nightly news, right?" Check one of these three sites to get the flavor of the story:
 
HOAX BULLETIN #8c - ALERT: NPR, NEA & PBS FUNDING CUTS
 (25 January 2001)
Old, recycled story! It started as a well-meaning campaign in 1995 by University of Northern Colorado students. It has taken on a life of its own.
• HOAX BULLETIN #9 - AMY BRUCE CANCER CHAIN LETTER
 (26 February 2001)
Pleae read on the Urban Legends Zeitgeist page the very important reasons why you SHOULDN'T forward such letters that tug at your heartstrings.
• HOAX BULLETIN #10 - FEDERAL BILL 602P
AKA 5-cent E-mail Tax, E-mail Surcharge
(8 March 2001)
This HOAX has been around since May 1999. DO NOT contact your congressmen and senators and clog up the congressional e-mail network: there is no such bill nomenclature as "Federal Bill 602P." It's a hoax, it's old (May 1999) and it's being recycled for the umpteenth time around the Net. Find out more at any one of these sites:
• HOAX BULLETIN #11 - HILLARY & THE BLACK PANTHERS
 (11 March 2001)
This text of this chain letter is NOT by Paul Harvey. When I received it in early 2000, there was a sentence at the end of the letter saying "As Paul Harvey would say, this is the rest of the story." Since then, someone saw fit to amend it to attribute it to Paul Harvey. It has been around since Hillary Clinton announced as a candidate for the Senate seat from New York. Although Hillary Clinton did support the cause of the Black Panthers, this chain letter contains partial truths, lies and distortions. As with the Jane Fonda chain letter (see #8a above), it matters not what we think of Hillary Clinton. What matters is the truth. Please check one the following sources:
• HOAX BULLETIN #12 - MARINES NOT OBSERVING PROPER PROTOCOL
(20 March 2001)

The information refuting this hoax is finally appearing on various hoax sites. I had found this chain letter hard to believe, because, regardless of what they think of any Commander in Chief, active duty military members are professionals throughout. As explained in the sites below, any breach of protocol about the Commander in Chief would never be condoned by the Marine Corps. What lends this an air of truth (aka the False Authority Syndrome) is that the writer says that he saw this "this morning on CNN."

  • Urban Legends and Folklore
    • "Dont' Tell It to the Marines - Email tale of Marine disrespect for Clinton is false."
  • Urban Legends Reference Page
    • "The obvious motivation behind this story is to disparage the ex-president, but what many of its eager forwarders fail to realize is that it disparages the Marines even more."
 
• HOAX BULLETIN #13 - AN INTERNET FLOWER FOR YOU
(21 March 2001)

This so-called virus warning is a HOAX. It has been alive since the summer of 2000, but is making the rounds again. You might receive it on its own, or it might have been added at the bottom of the hoax "A Virtual Card for You" (#7 above) which is also a hoax. Tip-offs: (1) False Authority Syndrome with no solid link to either Intel, Microsoft, McAfee and CNN. The link to CNN is only to the home page, not to any valid article. (2) The request that you "Send to everyone on your address book." Check out any of these antiviral software companies for confirmation of that this is a hoax:

• HOAX BULLETIN #14 - HOTMAIL OVERLOAD
AKA Hotmail may cancel your account
(23 March 2001)
 
Do NOT forward a warning you may receive stating that Hotmail (the free e-mail service) is overloading and must get rid of infrequent users. It is a HOAX. It's been around since Oct. 1999 and is resurfacing in full force. (There were several articles in the newspapers lately about Hotmail, but they were related to bona fide potential privacy problems.) Once you analyze the chain letter closely, you'll realize that this letter takes the cake for being really dumb! Find confirmation that this is a hoax on one of these sites:
• HOAX BULLETIN #15 - AFGHANISTAN PETITION
(02 April 2001)
 
This is a pointless petition. It's going nowhere and clogging up the cyber waves in the process! Please, should you receive this chain letter concerning the plight of women in Afghanistan, do NOT forward it. Delete it! The chain letter IS based on a true situation; however, click here for Brandeis University's 10 Jan 99 notice asking people to stop sending e-mail. The well-intentioned students who started the petition also started a monster. The e-mail account mentioned in the petition was terminated on 3 Jan 99.
 
As Brandeis University states in its notice, we can find more productive outlets for our concerns. Should we wish to find out what we can do, we may contact some of the organizations listed at the bottom of the page of the Urban Legends Reference Page (below). Brandeis states: "We suggest that you contact them through non-virtual channels to help." (emphasis added)
• HOAX BULLETIN #16 - SOLIDARIDAD CON BRIAN
(In solidarity with Brian)
(04 April 2001)
 
We received this chain letter in French; however, it circulates also in English. DELETE it, do NOT forward it. This hoax started in 1999. The English text is a variation of the French text, but the gist of the introduction is something like this:

"This is about a young boy in Buenos Aires who has a deformed heart and requires a heart transplant to live. The operation costs $115,200. Internet service providers will donate $0.01 for each e-mail sent concerning this child and bearing the subject line "Solidaridad con Brian." (NOTE: The three key recognition words)

Please visit the Urban Legends Reference Page and see why such a letter is a hoax, a sadistic one at that. You will also find a link there to a similar hoax about Jessica Mydek. Compare the stories and beware of the next sympathy chain letter that "tugs at your heartstrings"! For more examples of sympathy chain letter hoaxes, visit:

CHAIN LETTER TEXT IN FRENCH
Subject: SOLIDARIDAD CON BRIAN

Salut à tous !

Il s'agit d'un petit garçon, Brian, de Buenos Aires. Brian souffre d'une déformation du muscle cardiaque et a besoin d'une transplantation. L'opération coûte 115 200$. L'ISP (Internet Service Provider) s'engage à Verser 0.01$ pour chaque mail, qui concerne cet enfant, portant le titre "Solidaridad con Brian" et va sur le net. Il est donc nécessaire d'agir rapidement. On a installé près de Brian à l'hôpital un modem pour compter ...11.5millions de mails nécessaires au financement de l'opération.

Pouvez vous, dans la mesure du possible, prendre deux minutes pour envoyer ce message a tous ceux dont vous connaissez l'adresse Internet? N'oubliez pas le titre "Solidaridad con Brian" qui permet à l'ISP de contrôler ( il suffit de l'envoyer à n'importe qui et le message est pris en compte).

 
Merci à tous.
 
Une minute de notre vie pour sauver la sienne.
• HOAX BULLETIN #17 - FAMILY PICTURES
AKA New Pictures of Family
(09 April 2001, Updated 22 September 2001)
 
This e-mail virus warning is a hoax! If you receive it, do NOT forward it! Delete it. You can confirm that it is a hoax at one or more of the sites listed below. See the full text of the hoax at one of the first three sites:
HOAX VIRUS WARNING (Partial text)
DO NOT OPEN "NEW PICTURES OF FAMILY" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called & warned me before I opened it. He was not so lucky and now he cant even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not at all. Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an email called "FAMILY PICTURES," do not open it. If you receive an email called "FAMILY PICTURES," do not open it. DELETE it right away! This virus removes all dynamic link libraries .dll files) from your computer.
• HOAX BULLETIN #18 - BRAZILIAN RAIN FOREST
(17 April 2001)
 
As the Afghanistan Petition was, this is a pointless petition. Should you receive a chain letter stating that the Brazilian Congress is about to vote on a bill that would reduce the Rain Forest by 50%, do NOT forward it. Delete it! It's outdated, going nowhere and clogging up the cyber waves in the process! The chain letter is based on a draft bill proposed in the Brazilian Congress in May 2000. It did not pass. The e-mail account mentioned in the petition is no longer valid. Read more about the shelved draft bill if you would like at:
• HOAX BULLETIN #19 - ASPARTAME
(20 April 2001)
 
We consider all health-related chain letters dangerous. Most are usually loaded with one or more of the following: misinformation, disinformation, errors, gross exagerations, omissions, smears, wild accusations. Any of these may cause a serious health problem should someone believe in and act on the information contained in the chain letter without corroborating first all of the information in the chain letter with a physician or a bona fide specialized health organization. Even so, you run the risk of someone forwarding the information and modifying it, thereby rendering it potentially dangerous.

Just as with any chain letter, how do you know if its sources are reliable? How do you know if the information is correct and complete, and has not been modified along the thousands of "forwards"? In the end, we would suggest that you NEVER forward such an e-mail.

 
There is a resurgence today of the aspartame chain letter. It is a hoax. Please, do not forward it. DELETE it! According to the e-mail (originally circulated in 1999), there is a vast conspiracy to hide a mind-boggling list of dangerous side effects of aspartame. Some people may develop a food intolerance to aspartame, as is possible with anything we ingest. Monsanto, the aspartame manufacturer, has never hidden this, and warnings are noted on products which contain it. The last bullet below will provide information on food intolerance and allergies.
• HOAX BULLETIN #20 - COUGH CPR
(25 April 2001)
 
Another dangerous health-related chain letter! This one explains a procedure known as "cough CPR" - a procedure allegedly allowing you to do CPR on yourself. I urge you to read the information debunking this dangerous chain letter and to let the sender know that it is invalid and dangerous information. The original source of the information for the chain letter was The Mended Hearts Organization. They have since retracted it. Please see their notice about this at the link below.
• HOAX BULLETIN #21 - CELCOM, SANDMAN, WIN A HOLIDAY
(25 April 2001)
 
These three old hoaxes might like to travel together in one e-mail. Do not forward them! Delete them! Check these sites for confirmation of the hoax:
• HOAX BULLETIN #22 - IT TAKES GUTS TO SAY 'JESUS'
(25 April 2001)
 
This is a hoax. Do not forward! Delete from your mailbox! Check these sites for confirmation of the hoax.
• HOAX BULLETIN #23 - GAS PRICES & GAS COMPANY BOYCOTT
(02 May 2001)
 
We received this chain letter (variations in the text, same meaning) from three unrelated senders. At first, it sounded as if it might be something that might work; however, because it is a chain letter, we did some further research. We discovered it was a hoax. We went to Clark Howard's site provided in the chain letter. The chain letter mentions Howard and implies that he is the economist allegedly recommending the boycott. Click here to read Clark Howard's disclaimer at the top of his page, "Clark has not called for a boycott of certain gas companies..." and click on the link leading to his suggestions on how to save gas.
 
Some versions of this chain letter do not refer to Clark Howard at all, but still recommend a boycott. Do not forward this chain letter! Delete from your mailbox! These two sites provide excellent explanations and reasoning of why we should not believe this chain letter.
• HOAX BULLETIN #24 - KELSEY BROOKE JONES CHAIN LETTER
(20 May 2001)
 
This chain letter (with photo) is one of many reruns since 1999. It concerns a plea for 5 year-old, Kelsey Brooke Jones alleging she has been missing since October 11, 1999. THIS IS A HOAX. The little girl was "missing" for a couple of hours and found playing at a neighbor's house on October 11, 1999. Please do not forward this chain letter.
  • Urban Legends Reference Page
  • Urban Legends & Folklore - You will also find at this site the Oct. 1999 plea from the Case Manager of Missing Persons in Minnesota requesting "We are asking that folks not continue to forward the e-mail, and to notify their friends, family members, and e-mail buddies that there is NO CAUSE FOR ALARM."
• HOAX BULLETINS #25, 25a & 25b - SULFNBK.EXE
(25 May 2001 - Updated: 31 May 2001, 01 Jun 2001, 22 Dec 2001, 31 Jan 02)
(Please see below for most recent update)
 
A HOAX virus warning is circulating asking you to delete a file from your hard drive (see partial text of e-mail below). Do not follow that advice! The danger of this hoax warning is that you will, in all likelihood, find a file by that name and, because of that, you will THINK that you have a virus. If you follow the advice in the hoax warning, you would be deleting a perfectly valid file which serves a purpose.

You may wish to visit the antiviral software company sites below. All three companies have it listed as a hoax and will confirm to you that this is a hoax, but do read their "Caution," since this "SULFNBK.EXE" file is one file to which a virus can attach itself if you receive one in the mail. But it is not, in itself, a problem.

 
DO NOT FOLLOW INSTRUCTIONS
THIS TEXT IS ERRONEOUS
IT IS PROVIDED TO SHOW
THE HOAX
HOAX VIRUS WARNING (Partial text)
Go to the "START" button.
Go to "FIND" or "SEARCH"
Go to "FILES & FOLDERS"
Make sure the find box is searching the "C:" drive.
Type in; SULFNBK.EXE
Begin search.
If it finds it, highlight it.
Go to 'File' and delete it.
Close the find Dialog box
Open the Recycle Bin
Find the file and delete it from the Recycle bin
You should be safe.
  • F-Secure (Data Fellows) - Please read the warning in the last paragraph of this site.
  • McAfee
  • Norton/Symantec - "CAUTION: This particular email message is a hoax. The file that is mentioned in the hoax, however, Sulfnbk.exe, is a Microsoft Windows utility that is used to restore long file names, and like any .exe file, it can be infected by a virus that targets .exe files." (Norton/Symantec)
  • 31 May 2001 Update - Hoax: SULFNBK.EXE
  • ZDNet article - "June 1st virus warning declared a hoax" -
  • McAfee - If you acted on the hoax e-mail and removed the valid SULFNBK.exe file, you will need to reinstall it, McAfee gives you instructions on how to do that.
  • 01 Jun 2001 Update - Hoax: SULFNBK.EXE
  • VMyths.com - "The basic alert achieved immense popularity with gullible users by mid-May 2001. Antivirus vendors have declared it a hoax for the most part -- but Vmyths.com categorizes it as a mass-hysteria urban legend." (VMyths.com)
  • VMyths.com - Apology to McAfee
  • ZDNet article - "Duped by worm hoax, victims seek file fix."
  • DON'T FORGET TO VISIT McAfee (see 31 May 2001 Update) to see how you can restore the file if you deleted it.
  • 22 Dec 2001 Update - Resurfaced in December 2001, information above still valid
  • 31 Jan 2002 Update - Continues to make the rounds, information above still valid
    • VMyths has an excellent article on this.
     
REMEMBER: The ONLY correct way to remove infected files (at any time) from your hard drive is to follow the procedures recommended by your antiviral software company for the specific problem at hand. Some procedures are more complicated than others. Do not forget to update your antivirus software online often - each week, or more often, is better than once a month!
 
• HOAX BULLETIN #26 - CONGRESSIONAL PENSIONS
(23 August 2001)
 
There is enough false information out there and we don't need to contribute any more to it. If you receive a chain letter concerning lavish congressional pensions and other assorted outrages, please delete it. Do not forward it. You may wish to visit the links below to find out why it is a hoax.
REMINDER: No chain letter is worth forwarding, since almost all of them are false, hoaxes, misleading, etc. You get the idea! All it does is clog the Internet with unwanted, and often unread, email, and spreads false information.
 
• HOAX BULLETIN #27 - BUDWEISER SCREENSAVER, BUD FROGS
(17 October 2001)
 
An old hoax (March 1999) making the rounds again... Don't waste your time forwarding it. Instead, check one of these antivirus software companies for confirmation of the hoax and then delete the e-mail:
• HOAX BULLETIN #28 - 10 WORST INTERNET HOAXES
(26 December 2001)
 
One of our faithful and alert bulletin readers sent this link to a 24 Dec 01 CNN article: No fooling: the 10 worst Internet hoaxes." No doubt, you will recognize a few (if not all) that came your e-mail
way. The following link to an 11 Aug 00 article also appears at the bottom of the above article: Despite warnings, e-mail hoaxes still fooling people.
 
Don't get fooled! Refrain from clicking on the "Forward" button when you receive a chain letter. Chances are that 99.9% of the time they are hoaxes. The remaining 0.1% of the time you will have heard
about it on the news first.
 
• HOAX BULLETIN #29 & 29a - jdbgmgr.exe
(15 May 2002 - Updated 08 Jan 2003)
 
Don't get fooled! Refrain from clicking on the "Forward" button when you receive an e-mail, even from a trusted friend, who tells you how to find and remove a so-called virus. Please visit the links below to some of the antiviral software companies that call this dbgmgr.exe file removal e-mail a hoax.
  • F-Secure (Data Fellows)
  • McAfee
  • Norton/Symantec
  • HoaxBusters (a public service of the CIAC team at the U.S. Department of Energy) - "The jdbgmgr hoax is almost the same as the sulfnbk hoax in that it tells you to delete a program that was installed with Windows. jdbmgr.exe is the Java Debugger Manager and does have an icon that looks like a Teddy Bear. It is not, normally, a virus. As with all executables, it is not impossible to have a copy of jdbmgr.exe that is infected by a virus but that virus will be detected by your antivirus software." (HoaxBusters)
Please refer also to our Hoax Bulletin #25 and to our Virus Bulletin #34 (this #34 really belongs in the hoax category).

UPDATE, 8 Jan 03: To read the ZDNet article, please click here. Note that this hoax has been going around for over 8 months and tops the list of circulating hoaxes. If you received this e-mail hoax and deleted the file, you will find the procedure to reinstate it at this Microsoft page.
 
REMEMBER: The ONLY correct way to remove infected files (at any time) from your hard drive is to follow the procedures recommended by your antiviral software company for the specific problem at hand. Some procedures are more complicated than others. Do not forget to update your antivirus software online often - each week, or more often, is better than once a month!
 
DON'T FORWARD CHAIN LETTERS
Some Internet Service Providers prohibit their users from sending chain letters.
Please, review your ISP's Terms of Use, or its Acceptable Use Policy. Failing to abide by
their policy may cause you to have your e-mail account terminated.


Viruses and Hoaxes - Virus Bulletins - Security Bulletins - Top

Text from organizations as indicated - Page ©2003 Sherman Dynamics & Security Ltd.