Security News
#1
05-11-10, 8:07 PM
News regarding IT Security will be posted here. There will be at least a monthly posting regarding some computer security news. If there are special "out-of-band" notifications, they will be posted here immediately as well.

Please refrain from posting your comments/discussion here. If you want to comment/discuss, please post it here.
#2
05-16-10, 4:27 PM
ICPP Copyright Foundation is Fake

There's a new extortion trojan in circulation. This one attempts to steal victims' money by bullying them to pay a "pre-trial settlement" to cover a "Copyright holder fine".

The victim is informed that an "Antipiracy foundation scanner" has found illegal torrents from the system. If he won't pay $400 (via a credit card transaction), he might face jail time and huge fines.

And the warnings will not go away. They will reappear every time the user reboots his system.

All of this is completely fake. There is no "ICPP Foundation", and the messages will appear even if the system contains no illegal material whatsoever.

Most importantly: Refuse to pay money to these clowns! If people pay them, the problem will only grow bigger.

The group behind this have even set up an official-looking website at icpp-online.com.

The domain is registered to Mr. "Shoen Overns". The same e-mail address ovenersbox@yahoo.com has been seen before in various other domains, connected to Zeus and Koobface scams.

If you click on the Reports shown by the application, you'll end up on pages such as these:

We tried calling the (Italian) phone number listed on the page: +39 (06) 9028 0658. Unsurprisingly, it goes nowhere.

These pages are hosted at 91.209.238.2, which according to WHOIS belongs to EBUNKER-NET, a "High protected Somalia network". It's running in Moldova.

This is what the payment page looks like:

There is no obvious credit-card payment system connected to the site; they just seem to collect the credit card information.

If you are hit by this trojan, DO NOT PAY. Instead, use an antivirus program that is capable of detecting it to remove the trojan. F-Secure Antivirus detects it as Rogue:W32/DotTorrent.A. You can use our free Online Scanner at ols.f-secure.com to check your system.

The malware is typically located in c:\documents and settings\USERNAME\application data\IQManager\iqmanager.exe.

We've seen two versions so far. MD5 hashes of them are cedc2c35bf967027d609df13e937946c and bca3226cc1cfea416c0bcf488082e5fd.

Source: F-Secure Weblog
#3
05-18-10, 10:19 PM
Facebook Users Hit by Candid Camera Prank Attack

In the latest wave of malware targeted to users of Facebook, there is now a "sexiest video" on the loose that actually installs the Hotbar adware on the user's computer if they click on the link. There will first be a message stating that the video player is out of date and ask the user to download a file. Following that, the same video would be posted to their contacts in Facebook.

The messages read:

<name>, this is without doubt the sexiest video ever! :P :P :P

accompanied by what appears to be a video with the title "Candid Camera Prank [HQ]". The message has what appears to be a movie thumbnail of a woman on a bicycle wearing a short skirt, and the video's length is given as 3:17.

With the recent surge of malware hoaxes and links on Facebook, do exercise caution and don't click links if you think they're malicious.

Source: Sophos Weblog
#4
05-19-10, 6:35 PM
Embarrassing privacy flaw found on Facebook

The flaw was discovered last week and reported to Facebook by M.J. Keith, a senior security analyst with security firm Alert Logic.

The bug has to do with the way that Facebook checked to make sure that browsers connecting with the site were the ones they claimed to be. Facebook's servers use code called a "post_form_id" token to check that the browser trying to do something -- liking a group, for example -- was actually the browser that had logged into the account. Facebook's servers check this token before making any changes to the user's page, but Keith discovered that when he simply deleted the token from messages, he could change many settings on any Facebook account.

"It's like putting locks on a bunch of stuff but not locking them," he said in an interview. Keith could make users' private information public, change or read profile information, even add new contact e-mail addresses, he said. "It's pretty bad; you can do a lot of damage with it," he said.

Facebook worked with Alert Logic to fix the bug, known as a cross-site request forgery (CSRF), Facebook spokesman Simon Axten confirmed in an e-mail message. "It's now fixed," he said. "We're not aware of any cases in which it was used maliciously."

But as of late Tuesday afternoon, Pacific time, after Axten sent his e-mail, Facebook had not completely fixed the issue. For testing purposes, Keith created a Web page with an invisible iFrame HTML element that he programmed in Javascript. When the IDG News Service clicked on this page while logged into Facebook, it made the Facebook user automatically "like" several pages with no further interaction.

That's pretty much how an attack would have worked, Keith said. A victim would need to be tricked into clicking on a malicious Web site that contained the Javascript code that exploited the CSRF flaw.

Facebook has been under a lot of heat recently by users who feel it hasn't done enough to protect their privacy, and embarrassing technical glitches like this don't help the social-networking company's case. Earlier this month, Facebook had to temporarily pull its chat feature, after another bug let users eavesdrop on their friends' private chat sessions.

Source: PC World
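Added example, not part of the original post and not Facebook's code: a server-side token check that skips the comparison when the "post_form_id" field is absent, which reproduces the behaviour the article describes, next to a check that treats a missing token as a failure. The session store, handler and setting name are hypothetical, and the fail-open shape is an assumption about how such a bug can arise.

```python
import hmac
import secrets

FIELD = "post_form_id"  # token field name quoted in the article

# Constructed state: one logged-in session and that user's settings.
SESSIONS = {"sess-alice": secrets.token_hex(16)}
SETTINGS = {"sess-alice": {"profile_public": False}}


def token_ok_fail_open(session_id, form):
    """Flawed check (assumed shape): only compares a token that is present."""
    token = form.get(FIELD)
    if token is None:
        return True  # deleting the field skips the comparison entirely
    expected = SESSIONS.get(session_id, "")
    return hmac.compare_digest(token.encode(), expected.encode())


def token_ok_fail_closed(session_id, form):
    """Hardened check: a missing, empty or non-string token is a failure."""
    expected = SESSIONS.get(session_id)
    token = form.get(FIELD)
    if not expected or not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


def change_setting(session_id, form, validator):
    """State-changing handler (hypothetical); returns an HTTP-style status."""
    if session_id not in SESSIONS:
        return 401
    if not validator(session_id, form):
        return 403
    SETTINGS[session_id]["profile_public"] = form.get("profile_public") == "1"
    return 200


def demo():
    """Send the same three requests through both validators."""
    sid = "sess-alice"
    legit = {FIELD: SESSIONS[sid], "profile_public": "0"}
    wrong = {FIELD: "0" * 32, "profile_public": "1"}
    no_token = {"profile_public": "1"}  # request with the token field removed
    results = {}
    for name, validator in (("fail_open", token_ok_fail_open),
                            ("fail_closed", token_ok_fail_closed)):
        SETTINGS[sid]["profile_public"] = False
        results[name] = {
            "legit": change_setting(sid, legit, validator),
            "wrong_token": change_setting(sid, wrong, validator),
            "no_token": change_setting(sid, no_token, validator),
            "now_public": SETTINGS[sid]["profile_public"],
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Both validators reject a wrong token, so a test suite that only tries bad tokens passes against either; only the request with the field removed tells them apart.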
#5
05-19-10, 6:41 PM
New malware attack: watch_video.zip

Email messages are being spammed out with a variety of lurid x-rated subject lines. Attached to the emails is a file called watch_video.zip, which contains malware that (at the time of writing) is not being detected by most anti-virus products.

Emails with other subject lines can have different message bodies, albeit all of a similar pornographic nature. All of the messages (regardless of different subject lines and message bodies) contain the phrase:

Open attached file to watch video

Source: Sophos Weblog
#6
05-21-10, 5:14 AM
Twitter Attack

There's another malware run underway on Twitter. A fairly large pool of fake accounts are sending out messages with popular hashtags and the text "haha this is the funniest video ive ever seen".

People see these messages when they look for trending topics in Twitter.

The shortlinks in the Tweets point to a page under pc-tv.tv, which uses a Java exploit to drop a keylogger / banking trojan combo to your system.

The attack is unusually easy to follow by just looking at the source code of the page. (However, I disagree. This would require people to have basic knowledge of HTML, and of course be very current with malicious software on the loose.)

Source: F-Secure Weblog
#7
05-21-10, 7:26 PM
Try not to laugh xD: Worm spreads via Facebook status messages

A clickjacking worm spread quickly across Facebook earlier today, tricking users into posting it to their status updates.

The worm, which some have dubbed Fbhole because of the domain it points to, posts a message like the following:

try not to laugh xD http://www.fbhole.com/omg/allow.php?s=a&r=<random number>

(Please do NOT click the link!)

Clicking on the link would display a fake error message that would trick you - through a clickjacking exploit - to invisibly push a button that would publish the same message to your own Facebook status update.

We've seen clickjacking exploited by hackers before in attacks on social networks, for instance in the "Don't click" attack seen on Twitter in early 2009.

The good news is that's effectively it. Rather like the "Don't click" Twitter attack, it appears that this latest Facebook security scare was more motivated out of mischief than money.

Source: Sophos Weblog
#8
05-22-10, 11:59 PM
Distracting Beach Babes video attack hits Facebook users

Thousands of Facebook users are reporting that they have been hit by a malware attack posing as a video of young bikini-clad women on a beach.

The messages are posted on the walls of Facebook members, seemingly from their friends and associates on the site, with a thumbnail which appears to be an image of a young woman's bottom in a bikini.

The messages read:

<name>, this is hilarious! lol :P :P :P Distracting Beach Babes [HQ] Length: 5:32

The "Distracting Beach Babes" scam appears to be the latest incarnation of the widespread "Sexiest Video Ever" assault we saw spreading on Facebook last weekend, installing adware onto victims' computers which can make money for the hackers behind the attack.

And you shouldn't be in any doubt as to how successful a scheme like this can be. Many Facebook users are all-too-comfortable with receiving salacious videos and humorous links from their friends, and will click on them without a moment's thought. Unfortunately that can then begin a bombardment of malicious posts to their social networking contacts - do you really want a blitz like this unleashed in your name?

Fortunately, some Facebook users are using the medium to warn each other of the threat:

If you have been hit, you should delete the offending message from your page, scan your computer with an up-to-date anti-virus, change your passwords, review your Facebook application settings. Also, learn an important lesson: don't be so quick to click on unsolicited links and approve unknown applications in the future. Perhaps most importantly, tell your friends to also do the same.

Source: Graham Cluley, Sophos Weblog
#9
05-25-10, 10:41 PM
Rogue Testimonials from Rogue Antivirus

The same breed of character that brought you rogue customer service are adding to their con-artist repertoire with rogue product testimonials for their FakeAV. These obviously bogus “True life stories” are just another detail in the social engineering effort to convince victims of their product’s legitimacy.

The actual descriptions are oddly perverse. For example:

Steve J. of New York had his software project stolen through a troyan that got into his computer through some internet site. Steve is still suffering from a strong depression…

and

Thomas S. lost his family over his passion for teen sex sites. His wife turned the computer on and some Teen Sex ad popped up. Next day she left and took both of their kids with her…

Now I’m definitely thinking “I’ve gotta have this software.” So what happens when you click the “Free Download” button? You actually get redirected to a fraudulent payment processing site where you can purchase the software rather than download it. What’s more — the payment site is fully equipped with a genuine SSL certificate from a legitimate certificate authority.

The site uses a domain-validated SSL certificate, which can often be issued with little more than an email address, so they provide absolutely no assurance that the service behind the domain is legitimate. But in order to see the certificate is only domain-validated, you have to manually examine the certificate details and look at the full Subject field contents.

Purchasing digital certificates from legitimate CAs is another angle on malware hiding in plain sight. We will all have to stay on our toes as the fraudsters continue to invest more time and real money into their malicious campaigns.

Source: Sophos Weblog

P.S: If you guys don't understand any terms here, please feel free to voice them out in the discussion topic. Cheers~
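Added example, not part of the original post: the manual Subject-field inspection described above, automated as a heuristic over a certificate in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`. The three certificates are constructed samples, and the function names are hypothetical.

```python
# Heuristic only. The authoritative marker is the CA/Browser Forum policy OID
# in the certificatePolicies extension (2.23.140.1.2.1 for domain-validated),
# which getpeercert() does not expose, so this reads the Subject instead.

# Subject attributes that appear only on extended-validation certificates.
EV_ONLY = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the Subject RDN tuples into {attribute: [values]}."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, []).append(value)
    return fields


def validation_level(cert):
    """Return 'DV', 'OV' or 'EV' based on what the Subject vouches for."""
    f = subject_fields(cert)
    names = [v.lower() for v in f.get("commonName", [])]
    units = [v.lower() for v in f.get("organizationalUnitName", [])]
    # Many CAs label domain-validated certificates in the OU.
    if any("domain control validated" in ou for ou in units):
        return "DV"
    # Some DV certificates repeat the host name in O; that is not an identity.
    orgs = [o for o in f.get("organizationName", []) if o.lower() not in names]
    if not orgs:
        return "DV"
    if EV_ONLY <= set(f):
        return "EV"
    return "OV"


def vetted_identity(cert):
    """Organisation the CA checked, or None when only the domain was checked."""
    if validation_level(cert) == "DV":
        return None
    f = subject_fields(cert)
    names = [v.lower() for v in f.get("commonName", [])]
    return next(o for o in f["organizationName"] if o.lower() not in names)


# Constructed samples in getpeercert() format.
DV_CERT = {"subject": (
    (("organizationalUnitName", "Domain Control Validated"),),
    (("commonName", "secure-pay.example"),),
)}
DV_CERT_WITH_O = {"subject": (
    (("organizationName", "secure-pay.example"),),
    (("commonName", "secure-pay.example"),),
)}
OV_CERT = {"subject": (
    (("countryName", "US"),),
    (("stateOrProvinceName", "Oregon"),),
    (("organizationName", "Example Widgets Ltd"),),
    (("commonName", "www.example.org"),),
)}
EV_CERT = {"subject": (
    (("jurisdictionCountryName", "US"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "0000000"),),
    (("countryName", "US"),),
    (("organizationName", "Example Bank Inc"),),
    (("commonName", "www.example.com"),),
)}

if __name__ == "__main__":
    for label, cert in (("dv", DV_CERT), ("dv+o", DV_CERT_WITH_O),
                        ("ov", OV_CERT), ("ev", EV_CERT)):
        print(label, validation_level(cert), vetted_identity(cert))
```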
#10
05-28-10, 11:26 PM
Naughty Camera Prank virus hits Facebook users

Reports are coming in that a new attack is spreading virally across Facebook, for the third Saturday in a row.

The attacks come in the form of a message, sent by a rogue Facebook application, saying:

<name>, this is without a doubt the most hilarious video ever. LOL! Naughty Camera Prank! [HQ]

Facebook users are urged not to click on the videos.

The attack follows one week after the "Distracting Beach Babes" video attack, which itself came seven days after Facebook was hit by another attack dubbed the "Sexiest Video Ever".

In those examples, users who clicked on the video thumbnails were instead taken to an application that told them that if they wished to view the video they had to install an updated player onto their PC. The software downloaded by the users was, in reality, revenue-generating adware. Furthermore, when users gave permission to the Facebook application to execute, it spread the message virally to all of their Facebook friends.

Hopefully, before too much harm is done, Facebook's security team will be hard at work shutting down the rogue applications sending these messages as soon as they pop up.

If you made the mistake of clicking on the video link please play safe by: warning your friends who you may have passed the message onto, scanning your computer with an up-to-date anti-virus, changing your Facebook password, checking your application settings and removing any apps you don't recognise.

Source: Graham Cluley, Sophos Weblog
#11
05-31-10, 6:40 PM
Viral clickjacking 'Like' worm hits Facebook users

Hundreds of thousands of Facebook users have fallen for a social-engineering trick which allowed a clickjacking worm to spread quickly over Facebook this holiday weekend.

Affected profiles can be identified by seeing that the Facebook user has apparently "liked" a link:

Messages seen being used by the spammers include:

"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."
"This man takes a picture of himself EVERYDAY for 8 YEARS!!"
"The Prom Dress That Got This Girl Suspended From School."
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"

Clicking on the links takes Facebook users to what appears to be a blank page with just the message "Click here to continue".

However, clicking at any point of the page publishes the same message (via an invisible iFrame) to their own Facebook page, in a similar fashion to the "Fbhole" worm we saw earlier this month.

The trick, which uses a clickjacking exploit, means that visiting users are tricked into "liking" a page without necessarily realising they are recommending it to all of their Facebook friends.

Unfortunately, as we're all too aware, messages such as "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.", "This man takes a picture of himself EVERYDAY for 8 YEARS!!", "The Prom Dress That Got This Girl Suspended From School." and "This Girl Has An Interesting Way Of Eating A Banana, Check It Out!" are exactly the kind of content that people will click on on Facebook.

Sophos detects the offending webpages as being infected by Troj/Iframe-ET.

If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your "Likes and interests" section.

Source: Graham Cluley, Sophos Weblog
#12
06-05-10, 4:37 PM
Adobe's products are once again in the firing line, as hackers are reportedly exploiting critical unpatched vulnerabilities in the products Adobe Reader, Acrobat and Flash Player.

Adobe has published a security advisory describing the problems which affect users regardless of whether they're running Windows, Mac OS X, Linux, Solaris or UNIX. Adobe has labelled the zero-day vulnerabilities as "critical", the most serious rating it has.

Adobe says that Adobe Reader and Acrobat version 8.x are not vulnerable, and that the Flash Player 10.1 release candidate "does not appear to be vulnerable".

Although Adobe has published a way to mitigate the problem for Adobe Reader and Acrobat 9.x for Windows, the workaround is clearly not ideal:

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

Mind you, maybe I wouldn't be so bothered about that in actual fact. After all, when would I ever want to open a PDF containing ShockWave Flash content inside it?

Once again, it sounds as if feature-itis (the technical term for a product suffering from excessive inflation of unnecessary features) could have partly been Adobe's undoing in this example. A simple PDF reader without so many bells and whistles might not have suffered from such exploitation.

Brad Arkin, director of product security at Adobe, says that the firm is working on a patch - although it is not yet known when it will be available.

Source: Graham Cluley, Sophos Weblog
#13
06-06-10, 7:21 PM
Malware found lurking in apps for Windows Mobile

Scammers are distributing apps for Windows Mobile-based smartphones that have malware hidden inside that makes calls to premium-rate numbers across the globe, racking up expensive bills unbeknownst to the phone's owner, a mobile security firm said on Friday.

The apps--3D Anti-Terrorist game, PDA Poker Art, and Codec pack for Windows Mobile 1.0--are being distributed on as many as nine popular download Web sites, including DoDownload, GearDownload, and Software112, according to John Hering, chief executive and founder of mobile security provider Lookout (https://www.mylookout.com/).

Someone has copied the programs and repackaged them with the malware inside, he said. Once the app is installed the virus wakes up and starts dialing premium-rate numbers like in Somalia and the South Pole, Hering said. He added that victims may not know about the problem until they get their phone bill and see that it's $50 or $100 higher than it should be.

Auto-dialer scams are common in Russia and other countries but are still relatively rare in the United States. But that will change. Six months ago, Lookout saw four pieces of malware per 100 phones. Now, that figure has more than doubled to nine pieces of malware for every 100 phones, Hering said.

Hering said Microsoft had been contacted about the issue, but that the problem is not due to any vulnerability in the Windows Mobile software and therefore can't simply be patched. "Users need to be aware of what they are downloading and make sure it is a reputable source and from a reputable developer," he said.

Lookout is one of a growing number of companies that offer software and services to help protect mobile devices from malware and other threats.

Microsoft is aware of the issue and is currently investigating it, said Jerry Bryant, group manager for Response Communications at Microsoft.

"As always, Microsoft continues to encourage customers to follow all of the steps of the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing antivirus and antispyware software," he said. "While Microsoft does not have a mobile AV product we do detect and protect in certain scenarios. The general protect guidance also applies to mobile phone users: http://www.microsoft.com/protect/."

The hidden auto-dialing malware incidents are noteworthy because they signal a shift from attackers seeking mere notoriety to profit-motivated fraud, Hering said.

"What took 15 years for malware to evolve on the desktop is accelerated on the mobile platform," he said. "We're seeing it move from early proof-of-concept (malware) to things that are driving profit."

Source: Cnet News
#14
06-07-10, 9:01 AM
The iPhone's data leak is even more extensive than initially assumed. In initial tests, encrypted and locked devices essentially only disclosed music and images. However, The H's associates at heise Security have now managed to connect an iPhone with iTunes under Windows and created a full backup, including such sensitive data as passwords in clear text.

The problem was initially discovered by Bernd Marienfeldt on an Ubuntu system. In that case the Ubuntu system displayed the various folders of a freshly booted iPhone although the phone was locked and had never had any contact with this Linux system before.

A locked iPhone is supposed to refuse any communication with devices it doesn't know. However, if the iPhone is accessed while booting, this can frequently result in the phone pairing with unknown devices regardless of those protections. It appears that some system component hasn't finished booting when the connection request is made and, as a consequence, the iPhone's "lockdownd" daemon allows device pairing:

17:21:46 lockdown.c:818 lockdownd_do_pair(): ValidatePair success

The problem, though, is not with Linux or Windows, but with the iPhone. Using the same technique, heise Security also managed to pair a Windows Vista system with an iPhone. While with Linux only a few selected folders on the iPhone were displayed, Windows allowed full system access. For instance, it was no problem to create a complete backup using iTunes, including items such as notes, text messages and even plain text passwords.

Pairing wasn't possible with all devices. What exactly it is that determines whether the iPhone accepts a connection request remains unclear. It certainly isn't determined by the device type, because heise Security managed to trick 3G systems as well as 3GS systems. At least in one case, unwanted pairing became impossible after the iPhone's information about already paired devices was deleted.

Apple has not yet answered heise Security's questions about whether and when this problem will be solved.

Hector Martin and a couple of developers of the Linux packages have done some further research on this issue. Martin has come to the conclusion that the problem only occurs if the iPhone was shut down from an unlocked state. During the wake up this state is restored and the device is "open" for a short period of time before the Springboard application wakes up and locks it down. This short period is sufficient for a pairing to occur that ensures permanent access.

An iPhone that was shut down in a locked state does not accept the pairing – which corresponds to heise Security's observations. This reduces the risk somewhat, because a lost iPhone in a locked state cannot be tricked into pairing.

Source: ESET NOD32 Threatblog
#15
06-07-10, 6:17 PM
Spammers beat Steve Jobs in announcing new iPhone

In a few hours time, at Apple's annual World Wide Developers Conference (WWDC) in San Francisco, Steve Jobs is widely anticipated to announce a new version of his company's iPhone to an expectant crowd.

The feverish predictions of past occasions may be a little subdued this time, as a prototype device fell into the hands of Gizmodo back in April. In fact, one of the few hotly discussed questions remaining is what will the new iPhone be called?

The iPhone 4G? Well, although that would make numeric sense after the 3GS model, as it is unlikely to support the 4G cellular network it seems unlikely.

Regardless of its moniker, some spammers seem dead set on stealing Steve Jobs's thunder. At least judging by this spam campaign:

Wow! A free iPhone 4G! That's awfully kind of Apple.

Hopefully no one would be silly enough to believe this email, even if it had been spell-checked properly. But even if they did, the good news is that the folks at TinyURL have already blocked the link - preventing the unwary from being caught out.

Source: Graham Cluley, Sophos Weblog
#16
06-08-10, 10:00 PM
Changelog 07.06.2010: Hackers spam out malware attack

Have you received a curt email in the last 24 hours with a mysterious attachment called Changelog_07.06.20010.zip?

If so, you could be at risk of falling victim to the latest attack launched by malicious hackers. Poisoned emails have been spammed out worldwide, posing as a legitimate communication.

Typical emails have the following characteristics:

Subject: Changelog 07.06.2010

Message body:
Good afternoon, as promised, <Name>
or
Dear customers, as promised, <Name>
or
Good morning, as promised, <Name>
or
Good day, as promised, <Name>

Attached file: Changelog_07.06.20010.zip

where <name> is the first name of the supposed sender of the email. In other words, if the from address says that the message was from "Peter Bathurst" then the email will be signed "as promised, Peter".

The intention of all this subterfuge, of course, is to trick you into opening the attachment - perhaps in the hope that you will be able to ascertain what the communication is all about (especially as there is such scant information in the message itself).

What's curious, perhaps, is that the subject line (which is presumably designed to match yesterday's date - 7th June 2010) doesn't match the filename, which has a seemingly superfluous zero in the year (Changelog_07.06.20010.zip). Perhaps the hackers behind this malicious campaign had buttery fingers and stumbled as they were creating their attack. However, there are some versions of this attack where the hackers *are* using the "correct" filename of Changelog_07.06.2010.zip.

Don't forget the old adage that curiosity killed the cat. Similarly, careless clicking on unsolicited email attachments could lead to the downfall of your data.
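Added example, not part of the original post: a mail-filter style check built from the characteristics listed above (subject pattern, attachment name, the sign-off matching the sender's first name, and the subject/filename date mismatch). The helper names, the two-indicator threshold and both sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"^Changelog (\d{2}\.\d{2}\.\d{4})$")
ATTACH_RE = re.compile(r"^Changelog_(\d{2}\.\d{2}\.\d+)\.zip$", re.IGNORECASE)
SIGNOFF_RE = re.compile(r"as promised,\s*(\w+)", re.IGNORECASE)


def indicators(raw):
    """Return the campaign characteristics found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []

    subject_date = None
    m = SUBJECT_RE.match((msg["Subject"] or "").strip())
    if m:
        subject_date = m.group(1)
        hits.append("subject")

    for part in msg.iter_attachments():
        fm = ATTACH_RE.match(part.get_filename() or "")
        if fm:
            hits.append("attachment")
            # The post notes a superfluous zero in the year of some filenames.
            if subject_date and fm.group(1) != subject_date:
                hits.append("date-mismatch")
            break

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    display_name, _ = parseaddr(str(msg["From"] or ""))
    words = display_name.split()
    sm = SIGNOFF_RE.search(text)
    if sm and words and sm.group(1).lower() == words[0].lower():
        hits.append("signoff-matches-sender")
    return hits


def is_suspect(raw, threshold=2):
    """Flag a message when at least `threshold` indicators agree (assumed value)."""
    return len(indicators(raw)) >= threshold


def build_sample(sender, subject, body, filename):
    """Construct a test message with a harmless empty-archive attachment."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    empty_zip = b"PK\x05\x06" + b"\x00" * 18  # end-of-central-directory only
    m.add_attachment(empty_zip, maintype="application", subtype="zip",
                     filename=filename)
    return m.as_bytes()


# Constructed samples: one shaped like the campaign, one ordinary message.
CAMPAIGN = build_sample("Peter Bathurst <peter@example.test>",
                        "Changelog 07.06.2010",
                        "Good afternoon,\n\nas promised,\nPeter\n",
                        "Changelog_07.06.20010.zip")
ORDINARY = build_sample("Dana Lee <dana@example.test>",
                        "Changelog for release 2.1",
                        "Hi team,\nrelease notes attached.\nDana\n",
                        "notes.zip")

if __name__ == "__main__":
    print(indicators(CAMPAIGN), is_suspect(CAMPAIGN))
    print(indicators(ORDINARY), is_suspect(ORDINARY))
```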
#17
06-08-10, 10:05 PM
Olympus Stylus Tough camera carries malware infection

Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra - a virus on its internal memory card.

The first thing to point out is that the camera itself is not at risk - the autorun worm being carried on its internal memory can not activate on the Stylus Tough camera, but can attempt to infect your Windows PC. In other words, users are at risk of infecting their Windows computers with the autorun worm when they plug the device into their USB drive, a method of transmission effectively identical to the infected Samsung Wave smartphones reported on last week.

The next thing to recognise is that not all of the Olympus Stylus Tough 6010 cameras are affected. According to the advisory from Olympus Japan, just over 1700 units are at risk - and customers can check if their camera is carrying the malware by checking their serial number via a widget on Olympus's website (sadly, it's only available in Japanese which won't be too helpful for tourists and businessmen who bought the camera while on holiday in the country).

Olympus says it "humbly apologises" for the incident and that it will make every effort to improve its quality control procedures in future.

In the past, other consumer gadgets to have been infected by malware include TomTom satellite navigation devices and Apple Video iPods. Earlier this year, IBM accidentally gave away malware-infected USB sticks at a security conference.

With such a long history of incidents like this, more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware, before they use it on their computer.

Source: Graham Cluley, Sophos Weblog
#18
06-09-10, 4:01 PM
Spam campaign: exploited Excel files

There is a recent aggressive spam campaign carrying malicious Excel (.xls) files exploiting a 2009 vulnerability. The Excel file attempts to decrypt, drop and run another executable file, which copies itself to <System>\googletoolbar32.exe and creates a registry entry called “Google Search Engine” to run itself automatically on reboot.

Spam is likely to contain the word “treasury” in the sender’s address (which is faked). Examples include:

“US Department of Treasury” <noreply@usdot.com>
Elizabeth Boucher <elizabeth.boucher_ce@treasury.govt.nz>
Chang Avery <c.averysh@treasurytoday.com>

Many of the spam messages contain references to OFAC, eg:

“Please view the attached report of the declined deposit by OFAC, the file is a Microsoft Excell Spreadsheet.”

This vulnerability affects recent versions of Microsoft Excel, and Excel Viewer, so be sure if you have Excel that it is fully updated with patches.

Source: Sophos Weblog
#19
06-15-10, 9:54 PM
Am I dead? Nigerian 419 scammer wants to know

Of course, it's a Nigerian 419 scam and the intention is - ultimately - to trick me into handing over personal information (such as driving license and passport details) and possibly paying them an advance before they (fingers crossed!) transfer millions into my bank account.. but what a wonderful subject line!

ARE YOU DEAD? IF NOT GET BACK TO ME IMMEDIATELY

You may not fall for email scams like this - but it's possible that there are more vulnerable and trusting people in your circle who would. Make sure everyone you know is on the lookout for online fraudsters.

Source: Graham Cluley, Sophos Weblog
#20
07-07-10, 7:17 PM
Resignation of Barack Obama virus hoax

Once again a virus hoax is spreading quickly over the internet, forwarded by well-intentioned folk who really should have spent more time researching whether the warning was genuine or not.

The warning tells people to look out for emails which have the subject line "Postcard from Bejing" (sic) or "Resignation of Barack Obama" as the attached file can "burn the whole hard C disc (sic) of your computer".

Of course, this is nonsense. The warning shares many similarities with other virus hoaxes we have seen in the past including Olympic Torch, Virtual Card for You and Sector Zero.

The typical text of the hoax warning reads as follows:

Subject: FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS! You should be alert during the next few days. Do not open any message with an attachment entitled 'POSTCARD FROM BEJING' or 'RESIGNATION OF BARACK OBAMA ', regardless of who sent it to you. It is a virus that opens A POSTCARD IMAGE, then 'burns' the whole hard C disc of your computer.

This virus will be received from someone who has your e-mail address in their contact list. This is the reason why you need to send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail entitled 'POSTCARD FROM BEJING' or 'RESIGNATION OF BARACK OBAMA' even though sent to you by a trusted friend, under no circumstance, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN last evening. It has been classified by Microsoft as the most destructive virus ever. The virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.

Hoaxes like this exist because it's so easy to forward an electronic warning to all of your friends and colleagues, and many people who may be suspicious of the warning decide it's better to be safe than sorry.

Internet users should think very carefully before they send a message on to all of their contacts, as they may be perpetuating an irritating hoax. You should always check to see if it is believable, and not a known hoax, before even considering sending it onto other computer users.

It's worth remembering that hoaxes can cause serious problems, as innocent users over-react to the alert. Sometimes users become convinced that they have become infected by the bogus virus, and when their anti-virus software "fails" to find the infection resort to deleting critical files or formatting their hard drive.

Virus hoaxes aren't just a nuisance, they're a menace. By forwarding these hoaxes to your friends and family you could be panicking them into taking the worst possible action.


























