[Dixielandjazz] Virus protection trick is a hoax

Charlie Hooks dixielandjazz@ml.islandnet.com
Wed, 05 Jun 2002 13:10:10 -0500

Tried the aaaaaa@WormAlert virus defense.  Not only did it not work as
promised, but it also prompted the following response from an actual

From: wormalert-admin@somewhere.com (Kee Hinckley)
Reply-To: wormalert-admin@somewhere.com (Kee Hinckley)
Date: Wed, 05 Jun 2002 12:36:19 -0400
To: Charlie Hooks <charliehooks@earthlink.net>
Subject: Re: <no subject>

In reply to a message from Charlie Hooks <charliehooks@earthlink.net>.
More than 5000 auto-replies so far.

Hash: SHA1

You are receiving this message because you either sent mail to the address
wormalert@somewhere.com (or some variation on it), or someone sent mail to
you and a copy to wormalert@somewhere.com.  We are trying to stop this hoax,
and this is the best way we can think of to do that.  This is an automatic
reply message, however we will read any replies to this message.

There is a message traveling around advising people that they should add an
entry called "wormalert@somewhere.com" to their address book and give it the
name "AAAAAA".  This (so the rumour goes) will allow them to detect when
get a virus, because the virus will send mail to that address first, they'll
get the bounce, and then they'll know that they have a virus and can stop
The message sometimes even claims the bogus address will somehow "stop" the
virus from spreading.

This is a hoax, it does not work.  In fact, the wormalert address receives
70 to 80 viruses every day--all from people who put it in their address book
because they thought it would protect them.

1. If a virus has infected your computer, it's too late.  Even if you did
the bounce, the virus has already had time to send to everyone in your
book and fully infect your computer.  Time to restore from backups.  (You do
run backups don't you?)

2. Most viruses don't scan your address book in alphabetical order.

3. A false address is not going to keep a virus from sending messages to
other address. Even if the virus didn't ignore errors, the bounces occur as
returned mail, not something that happens immediately.

4. Most viruses forge the from address (the Klez virus sets it to the
of someone else in your address book).  That means that even if the virus
send to the fake address, it wouldn't bounce to you, it would bounce (with a
copy of the virus) to someone else.  So all you are doing is *helping* the

What you are seeing is the creation of a computer superstition.  It's right
there with using garlic cloves to ward off the plague.  And like most
superstitions, it's making people ignore the *real* way to combat the
False beliefs can be dangerous.

There is absolutely no substitute for anti-virus software.  If you run
Windows, run anti-virus software.  And you *absolutely* must update the
definitions every week.  Not once a year, not once a month.  Once a week.
you're paranoid (I am), update it once a night.  If you are not willing to
that, I strongly suggest you go buy a Mac.  I get 2000 attachments every
and around 70,000 email messages.  In 13 years of using a Mac I've been
infected by *one* virus, ten years ago.  In 20 years of using Unix computers
I've had none.  The only recent viruses I've received that *could* have
infected my computers were Microsoft Word viruses--and those got caught by
anti-virus software.  That's not to say I don't run Windows either--but I
read mail on Windows machines, and I don't put them directly on the
it's just not worth the hassle.  So, either use a platform that virus
don't target, or run anti-virus software and keep all of your software

If you really want to help your friends and protect them from viruses, cut
paste the following virus cure and send *it* to everyone in your address

                    How to Protect Yourself from Viruses

1. Run anti-virus software and update the virus descriptions weekly.
2. Check weekly or monthly for security updates to your OS, email, browser,
and office applications.  (Microsoft, Apple and the Linux vendors all
automatic mechanisms to do this--use them).
3. Backup your computer.
4. Relax, you've done everything you can--time to forward some more jokes.

For more information about who we are (so you can see if *this* message is
telling the truth) see http://consulting.somewhere.com/.  I run
an internet development consulting company (web development, programming,
security and the like).  You can also search for my name on the internet to
find out who I am.  If you're really curious, Google Groups has postings of
mine going back to 1983 or so.  You'll note that the hoaxes you recieve in
email seldom give you a place to go and confirm them, let alone attach a
you can easily track down and verify.

P.S. I strongly recommend the following two sites for information about
viruses and hoaxes.

http://www.datafellows.com/virus-info/ is run by an anti-virus company,
anti-virus companies have similar pages--this just happens to be the one I
You can use this site to search for information about real viruses and virus
hoaxes.  Always check one of these sites before acting on any virus alert
receive.  (Especially the ones that tell you to immediately delete system
critical files on your disk.)

http://www.snopes.com/ specializes in debunking hoaxes.  If you get mail
lost children, exploding glasses of water, donations to cancer funds, free
money or coupons or animations for forwarding email, sterilization drugs
in rapes, Jane Fonda's causing POW deaths..., this is the place to find out
whether they are hoaxes.  (Yes, those are all hoaxes.)

P.P.S.  A lot of the email we see sent to this address is forwarded, and it
has all of the original email addresses in it, going back several
of forwarding. You don't know where a message is going to end up in the end
(after all, you didn't expect us to get this one, did you?). Would you like
some stranger to have your email addresss?  Eventually many of those
may end up in some spammer's list.  It would be polite to remove people's
email addresses from messages before you forward them.  And besides, it
the message easier to read if it doesn't start off with 100 lines of email

** This is an automated reply to a message sent to wormalert@somewhere.com
** To communicate with a human, send mail to wormalert-admin@somewhere.com
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org