Posted by: David Harley | April 3, 2010

Information Week: “seven fantastic Internet hoaxes”

Alice LaPlante published a mildly interesting article on April 1st on “seven fantastic Internet hoaxes” which actually covered rather more than seven individual hoaxes, though several of them weren’t of the kind I’m usually concerned with here.

Actually, I thought at one point that the article was a hoax itself, since it included the following:

Just in time for Halloween, InformationWeek interviewed a battery of security experts, Internet folklorists, and hoax watchdog groups to get their take on the most successful Internet hoaxes to date.

Halloween??? But since the rest of the article seems quite sane and sensible, maybe this is a late realization of a piece that was started much earlier? Or maybe it was just a whimsical moment in a fairly lighthearted piece. Though I know some of the commentators from whom LaPlante harvested quotes  take the whole hoax issue as seriously as I do. By the way, Alice, Sophos are based in Abingdon, not London. Though since the airport at Kidlington, which is actually further from London than my office, now calls itself London Oxford Airport, perhaps the whole of Southern England now counts as London.

There are a couple of other fairly minor points I’d like to take up, based on some of those comments as well as LaPlante’s own observations.

  1. While spammers might, as Jim Graham of HoaxBusters suggests,  harvest some addresses from chain mail with multiple addresses (for instance on a bot-compromised PC), I think finding gold is overstating it a little. Given all the other ways in which email addresses can be obtained, not many spammers are going to pick through their own mailboxes for chain mail in order to add the addresses of other recipients. And I am concerned, as previously discussed here, that overstating this minor risk encourages the use of blind copying as a mitigation when forwarding chainletters: that’s a problem because it can actually work for the hoaxer by impeding filtering and remediation.
  2. It’s perfectly true that attackers will exploit and even invent stories in order to drive potential victims towards malicious web sites. While to some extent messaging and social network services like Facebook and Twitter are used to spread these stories, they aren’t necessarily hoaxes – see, for instance, the use made of the recent Russian bombings for “blackhat SEO” (Search Engine Optimization), as described at http://www.eset.com/blog/2010/03/29/russian-metro-bombings-here-come-the-ghouls and http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls. This is to ensure that malicious links are near or at the top of the list when people search for a hot topic by keyword on Google and similar services. This is an important security issue, but it’s not quite in the same category as more conventional chainletters and hoaxes, and nor are some of the more blatant examples of photo-fakery and parody.

Still, some old favourites there that may interest you. In recent years, I’ve become particularly interested in the way that some of the most successful chainletters have moved away from virus hoaxes to “sympathy” hoaxes and semi-hoaxes like the Amanda Bundy story described at http://www.snopes.com/inboxer/prayer/bundy.asp, and talked about them in a Virus Bulletin paper called “Whatever Happened to the Unlikely Lads? A Hoaxing Metamorphosis”, which you can find here.

During the 1990s (in fact, until 2001) I worked for Imperial Cancer Research Fund (now Cancer Research UK), and encountered cancer-related sympathy hoaxes that claimed that the American Cancer Society would benefit financially from each copy of the email that was forwarded (or each address that received it). When I worked for the UK’s National Health Service subsequently, I was frequently asked about other types of cancer-related hoax such as claim that the re-use of plastic water bottles leads to increased exposure to carcinogens. One useful resource I found then was the ACS’s own web page on “Email Hoaxes and Chain Mail” at  http://www.cancer.org/docroot/MED/MED_6_1_Rumors.asp.

David Harley FBCS CITP CISSP
Mac Virus
Small Blue-Green World
AVIEN Chief Operations Officer
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://www.eset.com/blog
http://www.macvirus.com
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com

Advertisements

Responses

  1. Agreed. Sympathy hoaxes seem to be on the rise. Thanks for the post, David. Here is a recent scam that attempted to use sympathy for my buy in:
    http://www.dynamicalsoftware.com/community/fraud/detection

  2. […] because I’m a Londoner Avery Otto commented on my observations on sympathy hoaxes at https://chainmailcheck.wordpress.com/2010/04/03/information-week-seven-fantastic-internet-hoaxes with a link to her own blog article at […]

  3. […] "Information Week: 'seven fantastic Internet hoaxes'” picks up on some themes cited in an article by Alice LaPlante in Information Week, including the use and misuse of the BCC field in email, the use of real and fake news stories in blackhat SEO, sympathy hoaxes and cancer-related hoaxes. (That last category has occupied quite a lot of my professional life, having worked in the past for a cancer research organization and the UK's National Health Service.) […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: