Alice LaPlante published a mildly interesting article on April 1st on “seven fantastic Internet hoaxes” which actually covered rather more than seven individual hoaxes, though several of them weren’t of the kind I’m usually concerned with here.
Actually, I thought at one point that the article was a hoax itself, since it included the following:
Just in time for Halloween, InformationWeek interviewed a battery of security experts, Internet folklorists, and hoax watchdog groups to get their take on the most successful Internet hoaxes to date.
Halloween??? But since the rest of the article seems quite sane and sensible, maybe this is a late realization of a piece that was started much earlier? Or maybe it was just a whimsical moment in a fairly lighthearted piece. Though I know some of the commentators from whom LaPlante harvested quotes take the whole hoax issue as seriously as I do. By the way, Alice, Sophos are based in Abingdon, not London. Though since the airport at Kidlington, which is actually further from London than my office, now calls itself London Oxford Airport, perhaps the whole of Southern England now counts as London.
There are a couple of other fairly minor points I’d like to take up, based on some of those comments as well as LaPlante’s own observations.
- While spammers might, as Jim Graham of HoaxBusters suggests, harvest some addresses from chain mail with multiple addresses (for instance on a bot-compromised PC), I think finding gold is overstating it a little. Given all the other ways in which email addresses can be obtained, not many spammers are going to pick through their own mailboxes for chain mail in order to add the addresses of other recipients. And I am concerned, as previously discussed here, that overstating this minor risk encourages the use of blind copying as a mitigation when forwarding chainletters: that’s a problem because it can actually work for the hoaxer by impeding filtering and remediation.
- It’s perfectly true that attackers will exploit and even invent stories in order to drive potential victims towards malicious web sites. While to some extent messaging and social network services like Facebook and Twitter are used to spread these stories, they aren’t necessarily hoaxes – see, for instance, the use made of the recent Russian bombings for “blackhat SEO” (Search Engine Optimization), as described at http://www.eset.com/blog/2010/03/29/russian-metro-bombings-here-come-the-ghouls and http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls. This is to ensure that malicious links are near or at the top of the list when people search for a hot topic by keyword on Google and similar services. This is an important security issue, but it’s not quite in the same category as more conventional chainletters and hoaxes, and nor are some of the more blatant examples of photo-fakery and parody.
Still, some old favourites there that may interest you. In recent years, I’ve become particularly interested in the way that some of the most successful chainletters have moved away from virus hoaxes to “sympathy” hoaxes and semi-hoaxes like the Amanda Bundy story described at http://www.snopes.com/inboxer/prayer/bundy.asp, and talked about them in a Virus Bulletin paper called “Whatever Happened to the Unlikely Lads? A Hoaxing Metamorphosis”, which you can find here.
During the 1990s (in fact, until 2001) I worked for Imperial Cancer Research Fund (now Cancer Research UK), and encountered cancer-related sympathy hoaxes that claimed that the American Cancer Society would benefit financially from each copy of the email that was forwarded (or each address that received it). When I worked for the UK’s National Health Service subsequently, I was frequently asked about other types of cancer-related hoax such as claim that the re-use of plastic water bottles leads to increased exposure to carcinogens. One useful resource I found then was the ACS’s own web page on “Email Hoaxes and Chain Mail” at http://www.cancer.org/docroot/MED/MED_6_1_Rumors.asp.
David Harley FBCS CITP CISSP
Small Blue-Green World
AVIEN Chief Operations Officer
ESET Research Fellow & Director of Malware Intelligence
Also blogging at: