Teddy, a variant of the SULFNBK.EXE hoax that has been menacing e-mail users since early 2001, relies on the same social engineering principles as its predecessor. It warns users that they have a virus, instructing them to delete a Windows system file in order to remove it.
Like SULFNBK, Teddy's name is derived from the file users are asked to delete, but with a slight variation. The icon associated with the file Teddy targets, JDBGMGR.EXE, is a bear.
A distressed mother of two contacted ZDNet Australia after diligently following the hoax e-mail instructions to the letter.
She said that the hoax's trail of mayhem can be traced to Singapore where, she was told by others caught up in the e-mail thread, Teddy is wreaking havoc.
In the past 24 hours the hoax has managed to retain its position at the top of Sophos' hoax and scare hit parade.
Paul Ducklin, head of Sophos Australia's virus monitoring facility, said that's an indication of the insidious nature of hoaxes like Teddy and SULFNBK.EXE rather than the scale of the menace they represent.
"JDBGMGR is relatively new, which probably explains its current prevalence," said Ducklin. "But SULFNBK (of which JDBGMGR can be considered a variant), which is many months old, is still at number three, which suggests that JDBGMGR is likely to hang around in the 'hit parade' for some time to come."
Ducklin questions whether Teddy stole the top spot or if SULFNBK ever really left it. And for Ducklin that's the real problem with hoaxes; they can have a life span that outstrips viruses.
"If something says 'forward this to everyone' people think 'I'll forward this to everyone' and they don't bother reading it, and the [hoax] just carries on and on," he said. "And of course there is no application of anti-virus technology that is going to block those e-mails because there is no virus."
Ducklin said that individuals need to get into the habit of reading their e-mails more thoughtfully and companies should designate a single individual who has sole authority to act on virus warnings.

It doesn't help when a small regional ISP in Queensland sent out the hoax in an email message to all their subscribers.