"Virus Hoax: Malicious Code Example"
Virus Hoax Warnings
AOL4FREE
AOL4FREE actually consists of three separate, independent items:
1. The AOL4FREE Macintosh Program for gaining fraudulent accounts
   on AOL.
2. The AOL4FREE Virus Warning Hoax.
3. The AOL4FREE.COM Trojan horse program that deletes all the files
   on your hard drive.
The AOL4FREE Macintosh Program was originally written to provide
illegal free access to America Online. In the March 1997 issue of
the CSI Computer Security Alert the following statement was made
concerning the creator of that program:
"A former Yale computer science student has pleaded guilty to
defrauding America Online. AOL estimates it lost between $40,000
and $70,000 in service charges because the student distributed his
computer program, AOL4FREE, to hundreds of other users."
Note that any attempt to use the original AOL4FREE program may
subject you to prosecution.
The second item is the AOL4FREE Virus Warning Hoax message. The
following message has been circulating around the Internet, warning
of a virus-infected e-mail message:
VIRUS ALERT!!! DON'T OPEN E-MAIL NOTING "AOL4FREE"
Anyone who receives this must send it to as many people as you can.
It is essential that this problem be reconciled as soon as
possible. A few hours ago, I opened an E-mail that had the subject
heading of "AOL4FREE.COM". Within seconds of opening it, a window
appeared and began to display my files that were being deleted. I
immediately shut down my computer, but it was too late. This virus
wiped me out. It ate the Anti-Virus Software that comes with the
Windows '95 Program along with F-Prot AVS. Neither was able to
detect it. Please be careful and send this to as many people as
possible, so maybe this new virus can be eliminated.
This message has several problems that identify it as a hoax.
1. A virus-like program cannot spread in an e-mail message. While
   an infected program could be attached to an e-mail message, the
   e-mail message itself cannot contain one in any form that could be
   executed.
2. A virus or Trojan horse program cannot infect a system by simply
   being read. The current mail readers do not execute an e-mail
   message; they display it on the screen for you to read. You must
   take care when downloading an attachment to an e-mail message. In
   some mail readers you can double-click on the attachment icon to
   have it extracted and opened by whatever program created it. If
   that attachment is a program, it is downloaded and run, and
   running any program you have not scanned could cause you to be
   infected with a virus.
3. While this warning message is a hoax, the things it describes
   could be accomplished with a Trojan horse program. That Trojan
   horse could then be attached to an e-mail message, and if the
   reader downloads and executes the Trojan horse program, it could
   do the damage described in this message. In fact, someone has done
   that, as is explained below.
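The distinction in points 1 to 3 above, between a message body that is only displayed and an attached program that the reader extracts and runs, is what a mail filter can check for. The following is an added example, not code from the original page or from CIAC; it uses Python's standard email parser, and the extension list, function names and sample messages are assumptions constructed for illustration.

```python
# Added example (not from the original page): flag program attachments
# in a message. Extension list and sample messages are constructed.
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed list of DOS/Windows program extensions; extend per local policy.
PROGRAM_EXTS = {".com", ".exe", ".bat", ".cmd", ".pif", ".scr"}


def program_attachments(raw: bytes) -> list:
    """Return filenames of attached parts that look like runnable programs."""
    # The text body is never flagged: displaying it does not run anything,
    # so an alarming subject line alone yields an empty result.
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not name:
            continue  # inline body text, nothing to extract and run
        payload = part.get_payload(decode=True) or b""
        ext = PurePosixPath(name.replace("\\", "/")).suffix.lower()
        # "MZ" marks a DOS/Windows EXE even when renamed; .COM files have
        # no header, so they can only be caught by extension.
        if ext in PROGRAM_EXTS or payload[:2] == b"MZ":
            flagged.append(name)
    return flagged


def build_sample(with_attachment: bool) -> bytes:
    """Construct a sample message whose subject mimics the hoax warning."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "AOL4FREE.COM"
    msg.set_content("VIRUS ALERT!!! Send this to as many people as you can.")
    if with_attachment:
        # Harmless placeholder bytes stand in for a program file.
        msg.add_attachment(b"placeholder, not a real program",
                           maintype="application", subtype="octet-stream",
                           filename="AOL4FREE.COM")
    return msg.as_bytes()


if __name__ == "__main__":
    print(program_attachments(build_sample(False)))
    print(program_attachments(build_sample(True)))
```

A flagged filename only means the attachment is a program that should be scanned and traced to its source before anyone runs it; it says nothing about whether the file is malicious.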
The third item is the AOL4FREE.COM Trojan Horse. This program
appears to be the AOL4FREE program that creates fraudulent AOL
accounts (though it is a DOS program instead of a Macintosh program)
but is actually a simple compiled DOS batch file that runs the DOS
DELTREE command on the C:\ directory of a DOS/Windows machine. The
DELTREE command deletes all files in a directory, including the
directory itself and any subdirectories in that directory. The
effect is to delete all files on the C: drive of a DOS/Windows
machine. If you should come across this program from any source, do
not run it. For more information see CIAC Bulletin H-47a:
AOL4FREE.COM Trojan Horse Program Destroys Hard Drives.
CIAC ALWAYS recommends that software downloaded onto a computer from
any source (BBS, e-mail attachment, floppy, web) be scanned with
antivirus software prior to being run. Note that most antivirus
software does not detect Trojans, so it is important to know where
your software came from before executing it.
Copyright 2004 by Jay Jennings