Hi everyone,

Please hold off deleting anything off your computer until I post an update. I’m referring to JBPOWELL’s warning of a computer virus called “sulfnbk.exe”.

As soon as I read Beth Powell’s email (well-intended, I’m certain) I checked out the virus at www.urbanlegends.com which is a site that tracks virus hoaxes and urban legends. Whenever I get any email that says I should send an email to everyone I know, I get suspicious.

Anyway, I searched for sulfnbk.exe and here’s a clip of what I found. Just to be certain, I am also conferring with a computer expert who does consulting for my business. He generally gets back to me quickly, so stay tuned. Here’s what I found about sulfnbk.exe. I believe it’s a hoax and I’m not deleting anything off my hard drive till my computer expert tells me to. I’ll update the group as soon as I hear back.

And, Beth Powell, I know you probably were anxious to warn us in good faith, given that you had a virus a while back. Not to worry, these things happen. Stay tuned till I get the final word from my computer guy.

sulfnbk.exe virus
(Not to be confused with the Honor System virus...)

A sulfnbk.exe virus alert surfaced in April 2001. The basic alert achieved immense popularity with gullible users by late-May 2001. Antivirus vendors declared it a hoax for the most part -- but Vmyths.com categorizes it as a mass-hysteria urban legend.

Let's begin with a plausible scenario of how the sulfnbk.exe hysteria began. Based on readers' input to our HoaxFYI service, here's what we think really happened:

- Someone's PC got infected with the well-known Magistr worm/virus. It forwarded itself to others as an attachment in emails.
- One of those emails went out with an attachment named SULFNBK.EXE. A recipient detected the virus with antivirus software.
- The recipient searched his PC for "sulfnbk.exe" -- and he found it. (It's a standard Windows operating system file.) Yet, try as he might, he couldn't get his antivirus software to detect a virus in that file. So he deleted it from his PC.
- The well-meaning recipient sent a warning to his colleagues telling them how to search for the evil file.
- Another well-meaning user received the warning, found the "virus" on his own system, and sent a warning of his own. Another well-meaning user received that warning, found the "virus" on his own system, and sent a warning of his own. Another well-meaning user received that warning...

Many well-meaning users fell prey to False Authority Syndrome when they "detected" SULFNBK.EXE on their computers. The alert took on numerous forms in numerous languages -- because so many clueless people kept rewriting the alert. They didn't seem content to just forward the original warning they received...

McAfee confirms sulfnbk.exe warnings appeared in English, Spanish, Portuguese, Dutch, and Italian. Vmyths.com saw French and German versions, and we believe well-meaning users translated the warnings from one language to another. (Caveat: based on readers' input to our HoaxFYI service, Vmyths.com believes one of the more popular English variants derived from McAfee's website.)

The sulfnbk.exe alert reached critical mass in late-May 2001, and concerned users quickly made it one of the Top 50 search phrases on Lycos. Lycos pundit Aaron Schatz reported "searches for the virus [began] about five weeks ago and in the last two weeks have gone up an obscene 1410 percent." Lycos listed it as the #2 search phrase for the week ending 2 June 2001.

Why did this urban legend turn so quickly into mass hysteria? Consider the following:

- The basic chain letter identifies an obscure file found on tens of millions of PCs -- and it offers simple instructions on how to find the file in question.
- The file's associated icon looks childish, giving the impression an immature hacker drew it.
- Some variants warned the virus would activate on "May 25," thereby giving the chain letter a heightened sense of urgency. Later variants warned the virus would activate on 1 June.
- Gullible users assumed they found a dangerous virus -- simply because they found a file on their PC. They then fell victim to False Authority Syndrome. (Vmyths.com surmises the 25 May & 1 June dates likewise devolved from gullible users who suffer from False Authority Syndrome.)
- Many variants of the chain letter urged people to forward the alert as part of an apology letter: "if you detect the virus you in turn need to contact everyone you have send [sic] ANY email to in the past few months and share this waring [sic] with them."

One woman obediently wrote to her friends, "I am sorry if Sulfnbk is on your computer..." A man wrote to his colleagues, "I maight [sic] have unwittingly been spreading a virus via email..." These apology letters only added to the confusion, which added to the hysteria's success. Mary Landesman (antivirus.about.com) summed it up quite nicely: "hoaxes survive simply by causing confusion." And the sulfnbk.exe hysteria did an excellent job at causing confusion.

The hysteria probably also erupted for another set of reasons. Consider the following:

- Antivirus software regularly fails to detect newly discovered viruses. Examples include Melissa, ExploreZip, MiniZip, BubbleBoy, ILoveYou, NewLove, KillerResume, Kournikova, and NakedWife.
- When antivirus software fails, it fails spectacularly. Examples include all the end-of-the-world stories about Melissa, ILoveYou, and Kournikova.
- Customers buy antivirus software knowing it will fail spectacularly.

So you're staring at a file on your PC. It's SULFNBK.EXE, just like your podiatrist's secretary warned. Your antivirus software says "everything's cool," but it said the same thing when Melissa & ILoveYou struck. What would you do in this situation? It looks like people overwhelmingly trusted their eyeballs more than their antivirus software.

Vmyths.com repeats -- the basic sulfnbk.exe alert shows all the markers of an urban legend, not a "hoax." We've seen this type of mass hysteria before and we'll probably see it again.

The correct translation

If we translate the sulfnbk.exe chain letter for the real world, it would read as follows:

I went to the place where I work, and I shouted, and guess what? I got a response. Creepy! I reloaded twice just to be sure. Trust me, you need to follow these instructions.

1. Go to the place where you work.
2. Shout out, 'can anyone hear me?'
3. If you get a response, shoot to kill -- it's a homicidal maniac!
4. Well, actually, he's not a maniac yet. That's why the police can't help you. But he'll turn into a homicidal maniac on June 1. Shoot him! Do it right now! Better safe than sorry!
5. Good news: you killed the homicidal maniac. Bad news: everyone you spoke to in the last few months now has a homicidal maniac at work. Warn all of your friends!

--06/07/01

Kate Brown
Katesource, Inc.
kate@...
(410) 849-2453