MCI Telecommunications internetMCI Security Group Report Title: iMCI MIIGS Security Alert Report Name: AOL4FREE Alert Report Number: iMCISE:IMCIIBMERS:041997:01:P1R1 Report Date: 04/19/97 Report Format: Formal Report Classification: MCI Informational Report Reference: http://www.security.mci.net Report Distribution: iMCI Security, MCI Internal Internet Gateway Security (MIIGS), MCI Emergency Alert LiSt (MEALS) (names on file) -------------------------------------------------------------------------- >-----BEGIN PGP SIGNED MESSAGE----- > >- --ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALER T-- >- ---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE--- > > ======= ============ ====== ====== > ======= ============== ======= ======= > === === ==== ====== ====== > === =========== ======= ======= > === =========== === ======= === > === === ==== === ===== === > ======= ============== ===== === ===== > ======= ============ ===== = ===== > > EMERGENCY RESPONSE SERVICE > SECURITY VULNERABILITY ALERT > >18 April 1997 18:00 GMT Number: ERS-SVA-E01-1997:003.1 >=========================================================================== ==== > HYPE ALERT > AOL4Free Virus Hoax > >SUMMARY > > Do not pass along warnings about an "AOL4FREE" program that erases files > when mail is opened. They are false, and a waste of time. Do not run > programs, regardless of their names, received via mail from strangers. > >=========================================================================== ==== > DETAILED INFORMATION > >I. Problem > > A chain letter, claiming that a virus called AOL4FREE will damage data when > received in mail, has circulated widely since March, 1997. > > THE WARNING IS A HOAX: there is no such virus, and simply opening mail does > not cause attached programs to run. > > There is at least one malicious program called AOL4FREE.COM that does erase > files, but the program has been sent to only a few people. As long as you > do not run programs received from strangers, it cannot harm you. Warnings > about a non-existent "AOL4FREE HARD DRIVE VIRUS," on the other hand, waste > time and resources. > >II. Solution > > Chain letters attempting to warn everyone about such episodes are not > productive. Refering people to reliable web sites with critical virus > warnings and "hype alerts" is preferable. > > See IBM's anti-virus site at: > > http://www.av.ibm.com/ > >III. Explanation > > Any virus hoax, such as Good Times or AOL4FREE, can be followed by someone > naming harmful code after the hoax. This does not make the hoax real, but > it can create a second level of confusion. > > If the "follow up" harmful code is a virus, i.e., it replicates itself and > begins to spread, its signature will be quickly added to reputable > anti-virus software. > > If it's a Trojan horse which does not replicate itself, it will not become > widespread, and no one who avoids running programs from untrusted sources > will be harmed. > > Widespread mail warnings are unnecessary in either case. > >IV. Acknowledgements > >IBM-ERS would like to thank David Chess of the IBM High Integrity Computing >Laboratory for his assistance in developing this advisory. > >=========================================================================== ==== > >IBM's Internet Emergency Response Service (IBM-ERS) is a subscription-based >Internet security response service that includes computer security incident >response and management, regular electronic verification of your Internet >gateway(s), and security vulnerability alerts similar to this one that are >tailored to your specific computing environment. By acting as an extension >of your own internal security staff, IBM-ERS's team of Internet security >experts helps you quickly detect and respond to attacks and exposures across >your Internet connection(s). > >As a part of IBM's Business Recovery Services organization, the IBM Internet >Emergency Response Service is a component of IBM's SecureWay(tm) line of >security products and services. From hardware to software to consulting, >SecureWay solutions can give you the assurance and expertise you need to >protect your valuable business resources. To find out more about the IBM >Internet Emergency Response Service, send an electronic mail message to >ers-sales@vnet.ibm.com, or call 1-800-742-2493 (Prompt 4). > >IBM-ERS maintains a site on the World Wide Web at http://www.ers.ibm.com/. >Visit the site for information about the service, copies of security alerts, >team contact information, and other items. > >IBM-ERS uses Pretty Good Privacy* (PGP*) as the digital signature mechanism for >security vulnerability alerts and other distributed information. The IBM-ERS >PGP* public key is available from http://www.ers.ibm.com/team-info/pgpkey.html. >"Pretty Good Privacy" and "PGP" are trademarks of Philip Zimmermann. > >IBM-ERS is a Member Team of the Forum of Incident Response and Security Teams >(FIRST), a global organization established to foster cooperation and response >coordination among computer security teams worldwide. > >Copyright 1997 International Business Machines Corporation. > >The information in this document is provided as a service to customers of >the IBM Emergency Response Service. Neither International Business Machines >Corporation, Integrated Systems Solutions Corporation, nor any of their >employees, makes any warranty, express or implied, or assumes any legal >liability or responsibility for the accuracy, completeness, or usefulness of >any information, apparatus, product, or process contained herein, or >represents that its use would not infringe any privately owned rights. >Reference herein to any specific commercial products, process, or service by >trade name, trademark, manufacturer, or otherwise, does not necessarily >constitute or imply its endorsement, recommendation or favoring by IBM or >its subsidiaries. The views and opinions of authors expressed herein do not >necessarily state or reflect those of IBM or its subsidiaries, and may not be >used for advertising or product endorsement purposes. > >The material in this security alert may be reproduced and distributed, >without permission, in whole or in part, by other security incident response >teams (both commercial and non-commercial), provided the above copyright is >kept intact and due credit is given to IBM-ERS. > >This security alert may be reproduced and distributed, without permission, >in its entirety only, by any person provided such reproduction and/or >distribution is performed for non-commercial purposes and with the intent of >increasing the awareness of the Internet community. > >- ---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE--- >- --ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALER T-- > >-----BEGIN PGP SIGNATURE----- >Version: 2.7.1 > >iQCVAwUBM1fBU/WDLGpfj4rlAQGEKgP7B3QKEMzXEbviLqVDYlfqt5F+byEA1TcU >N2RVcQaTVDHcEnTlQ3Vv355JvetMKD8thCjJaITPvjo9odnQv5Nq/VAfH6gIaQH3 >qq8h7wpuNqQscgfmeojWZfSMRz9IWDT9DoPlIAdl5nNtNDuXfU+NcLTWB+/hDi5U >Err7IYmBznY= >=4AVa >-----END PGP SIGNATURE-----