Head off hoaxes

You've almost certainly received an email warning you about a new virus. You know the type--one of those mass emails containing warnings of all sorts of dire things that can happen if the described virus or worm gets loose on your system. The email goes on to list the name of the offending file, and tells you that all you need to do is delete the file, and the threat will be gone.

So you check your system, and sure enough, there in the Windows directory is the very file the email warned you about. You wonder briefly why your antivirus software didn't pick up this one, but then you remember that the letter said that this one was so clever that antivirus software couldn't detect it. Guess you'd better delete it, right?

Wrong. If you actually do delete the file, you could very easily spend the next couple of hours reinstalling Windows. And that, of course, is why the antivirus software didn't issue an alert. The email was a hoax, and if you follow its instructions, you could delete an important Windows file--one that's supposed to be there.

"Hoaxes are almost a bigger problem than viruses," notes Roger Thompson, technical director of malicious code research for the ICSA in Herndon, Virginia. He notes that it's a lot easier to create a good hoax than it is to create a good virus. And antivirus software, obviously, can't detect a hoax. So these hoaxes usually get through.

As a result, enormous amounts of company resources are used up in dealing with hoaxes. Employees spend time sending the messages to others, some waste time looking for and deleting the offending files, and time is also spent restoring users' computers after they've deleted those files.

Right now, the hot hoax is one that warns of a file on your computer called JDBGMGR.EXE, which an email claims will invade your computer, lie dormant for two weeks, and then release a worm. In reality, this is a file that allows Windows to use Java. If you erase it, you won't be able to use Java.

Making matters more complicated, JDBGMGR.EXE is a file that is sometimes sent out in infected form by the MAGISTR virus, meaning that you could find it as an attachment in an email. So in one case you don't want to erase the file (when it's on your hard disk), but in another case you do (when it's in an email). You can imagine how much fun the support desk is having with that one.

In some ways, JDBGMGR.EXE is similar to the granddaddy of virus hoaxes--the "Goodtimes" virus of seven years ago. If activated, this virus was supposed to execute code that would cause your CPU to overheat and fail. Aside from the fact that you can't do that with software (at least not the way the email described it), there was simply nothing to it. But for months, thousands of people were searching for anything named "Goodtimes."

That hoax was complicated by two things. In those days, Microsoft shipped a music video on the Windows CD called "Goodtimes." So people were freaking out when they found what they thought was a virus on their operating system CD where it couldn't be erased. Then, a few months later, somebody actually did release a virus called "Goodtimes." By then, most people had learned that Goodtimes wasn't a virus. So they didn't treat it as one. Imagine the consternation.

The answer to the chaos caused by these hoaxes isn't all that easy, but you should start by making sure your employees know that such things exist. Maybe that will help them learn not to believe everything they read in email. The next thing you should do is appoint someone to be the hoax point of contact. Then, when people receive warnings, real or imagined, about viruses, you have someone who can actually investigate and tell whether it's real. Remember, if a hoax requires as many resources as fixing a virus does, there's not much practical difference. It might as well be a real virus.
