According to Sophos, the false virus warnings continue to prompt many to follow the instructions on the hoax message by deleting sometimes-vital files – and then compound the problem by forwarding the hoax instructions to friends. Those friends, in turn, trusting the instructions received from a known (and presumably trusted) associate, do the same thing – and so on, and so on. Sophos released its top 10 hoax list last week.
Topping the December list for the eighth month in a row was an e-mail that urged users to delete a legitimate file called jdbgmgr.exe from their computer. The original version of this hoax claims that this file is a virus spread by MSN Messenger, while a later version claims that deleting it will remove the Bugbear-A worm from a system, according to a CNET story said.
Both claims are false, and antivirus experts believe the connection with Bugbear is because the icon of jdbgmgr.exe is a small, gray teddy bear, according to CNET.
The jdbgmgr.exe e-mail made up 13.7% of all hoaxes reported to Sophos in December. Most of the other popular hoaxes were false warnings about certain e-mails or programs, which they claimed were actually viruses. These included a claim that a screensaver based on the Budweiser Frogs was actually a dangerous virus, and another alleging that an e-mail with the subject line “A virtual card for you” contained a virus that will “permanently destroy a hard disk” when opened.
A Christmas Day Attack?
A similar e-mail claimed that a bowling game in which elves were used in place of bowling pins contained a virus that would strike on Christmas Day, CNET said.
Even though such hoaxes didn’t encourage the reader to delete files from their machine, they are harmful because -by urging that they should be distributed to as many people as possible -they waste both time and bandwidth.
Also on the Sophos list is an e-mail that claimed Microsoft was conducting an audit of Hotmail users and that anyone who failed to forward the e-mail on to other Hotmail accounts would see their own account deactivated, as Microsoft would conclude that it was no longer being used.