Author |
Topic: SULFNBK.EXE virus hoax |
Bobby Lee
From: Cloverdale, California, USA
|
Posted 30 May 2001 7:53 am
|
|
There's a hoax email going around that states that c:\Windows\command\SULFNBK.EXE is a virus that will activate on June 1.
In fact, SULFNBK.EXE is part of the Windows distribution. It is used to back up files with long filenames.
If you receive an email about this, please inform the sender that it is a hoax. Some people are deleting this file, which could make it hard for them to back up their system in the future.
------------------
Bobby Lee - email: quasar@b0b.com - gigs - CDs
Sierra Session 12 (E9), Williams 400X (E9, D6), Sierra Olympic 12 (F Diatonic)
Sierra Laptop 8 (D13), Fender Stringmaster (E13, A6) |
|
|
|
Jack Shults
From: Canadian, Oklahoma U.S.A.
|
Posted 30 May 2001 3:29 pm
|
|
Thanks Bobby,
I had received a note on this but didn't want to delete it yet. I'm glad, now, that I didn't.
------------------
Jack Shults
MSA U-12 |
|
|
|
Bobby Lee
From: Cloverdale, California, USA
|
Posted 30 May 2001 10:40 pm
|
|
Just received this in email from a pal:
quote:
Hoaxes. Many people believe them. Others aren't so sure but forward them anyway "just in case". No matter how you slice them, hoaxes are a problem and now they've taken a new tack. Originating in Brazil, a new hoax alleges the file SULFNBK.EXE is in fact a virus and urges users to search their system for the presence of the file. The hoax warns, even "Norton did not discover it". Perhaps this is because the file is not infected.
A word of caution. Any executable file has the potential to be infected. Worse, viruses like Magistr can pick certain files at random, infect them, and send them off via email to others. So the potential also exists for the file SULFNBK.EXE to be plucked by Magistr. Of course, any portable executable (PE EXE) file up to 132K in length could just as easily be sent, so there's no special distinction to the SULFNBK.EXE file.
Just what is SULFNBK.EXE? It's a utility shipped as part of the Windows 98 operating system that allows users to restore long file names. Thus, anyone using the Windows 98 operating system would find this file on their system. If the hoax were received by these users, and believed, many might delete the file thinking their antivirus software had somehow failed to detect the virus. In fact, it wouldn't be the first time signature-based scanners failed to detect a new virus, making the entire hoax even easier to believe.
If you aren't confused yet, you should be. Hoaxes survive simply by causing confusion. They provide just enough real sounding information to guarantee a pretty high degree of faith. The more believable, the more users willing to pass it along. Hence hoaxes are very much like a manually driven virus, relying on the user to deliberately pass along the "infection". In the case of the SULFNBK.EXE warning there's a double whammy: as users pass it along, it clogs email servers and drains resources; and those who delete it may need the file at some point. Worse, this could be a stepping stone to a new trend in hoax writing - targeting necessary system files, warning of dire consequences and instructing users to immediately delete them. If the right files were targeted, users following the warning's instructions could find themselves worse off than if a "real" virus had hit. In other words, hoaxes may soon be featuring malicious payloads deliberately executed by the gullible and unsuspecting user.
Common sense provides the best cure. If you aren't sure, don't forward it. Forget the "just in case" excuse - it's downright dangerous. Unless the warning comes from a known and reputable source, send it to the Recycle Bin and not to your friends and co-workers.
Special thanks to Giordani Rodrigues, editor of InfoGuerra.com for providing details regarding this hoax. His article, in Portuguese, can be found at: http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid988228057,26932,.
|
|
|
|
Cairo Zoots
From: Moville, Iowa, next to the west fork of the Little Sioux River
|
Posted 31 May 2001 12:03 am
|
|
Wow! I got sucked into that one, and I deeply regret the confusion/anxiety that I mistakenly have added to this hoax! My apologies to the members of the Forum. I think I'll go stab myself with .011's for a while.
------------------
ree-00-dee-doo
|
|
|
|
Jack Stoner
From: Kansas City, MO
|
Posted 31 May 2001 2:35 am
|
|
I got the message second hand, but when I sent the original person that sent it out a message about it being a hoax, his reply was "I wasn't sure and it didn't hurt to send it out". However, it does "hurt to send it out", as there are many that never check these things out, and if they get an e-mail, especially from someone well known, as this person is, they automatically assume it is legitimate and start sending it out and continue the hoax.
Of note is that anyone can be duped: I got a hoax virus alert from a guy that is a senior computer systems analyst for a northwest aircraft manufacturer.
These things seem to go on forever too. I just got one of the old "Post office is going to charge for each e-mail" that has been circulating for at least 6 years that I know of. You would think after 6 years the hoax would die, but they keep resurfacing.
|
|
|
|
Larry Beck
From: Pierre, SD
|
Posted 31 May 2001 5:50 pm
|
|
In the past 7 years I have been LAN Administrator at my current place of employment, every single email that said "pass it on", "tell all your friends", etc. has been a HOAX. No exceptions, every single one.
If you want advance notice from accurate sources, subscribe to Symantec, McAfee or one of the other anti-virus companies' newsletters. If you are a techie, subscribe to CERT's (Carnegie Mellon U. Computer Emergency Response Team) newsletter and you'll learn about vulnerabilities as fast as the crackers do.
------------------
http://members.home.net/lbeck22/ [This message was edited by Larry Beck on 31 May 2001 at 06:51 PM.] |
|
|
|
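The hoax traits described in the posts above (a plea to forward, an instruction to delete a named system file, a claim that antivirus cannot find it, a trigger date) can be checked mechanically on incoming mail. This is an added example, not part of any forum post; the indicator names, patterns, verdict labels and sample messages are all constructed for illustration.

```python
import re

# Traits of hoax warnings named in this thread, as regexes (illustrative, not exhaustive).
INDICATORS = {
    "urges_forwarding": re.compile(
        r"\b(pass (it|this) on|tell all your friends|forward this to)\b", re.I),
    # A delete verb followed, within the same sentence, by a file name with a system extension.
    "delete_instruction": re.compile(
        r"\b(delete|remove|erase)\b[^.]{0,80}\b[\w-]+\.(exe|dll|sys|vxd)\b", re.I),
    # "Norton did not discover it"-style claims that scanners miss the threat.
    "av_cannot_detect": re.compile(
        r"\b(norton|mcafee|symantec|anti-?virus)\b[^.]{0,60}"
        r"\b(did not|didn't|cannot|can't|does not|doesn't|failed to)\s+"
        r"(discover|detect|find)", re.I),
    "trigger_date": re.compile(
        r"\b(activate|trigger|strike)s?\s+on\s+\w+\s+\d{1,2}\b", re.I),
}

def hoax_indicators(text):
    """Return the sorted names of every indicator that matches the message body."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def triage(text):
    """Hypothetical verdicts: quarantine, review (a human checks a vendor source), pass."""
    hits = hoax_indicators(text)
    # An instruction to delete a file plus any other hoax trait is the harmful case:
    # the reader, not malware, carries out the damage.
    if "delete_instruction" in hits and len(hits) >= 2:
        return "quarantine"
    return "review" if hits else "pass"

# Constructed sample messages (not real captured mail).
HOAX = (r"WARNING: search your computer for c:\Windows\command\SULFNBK.EXE. "
        "It is a virus that will activate on June 1. Norton did not discover it. "
        "If you find the file, delete SULFNBK.EXE immediately and tell all your friends.")
CHAIN = "The post office is going to charge for each e-mail. Pass it on to everyone you know."
VENDOR = ("Symantec newsletter: updated definitions now detect Magistr. "
          "Update your antivirus software and do not open unexpected attachments.")

if __name__ == "__main__":
    for label, body in (("hoax", HOAX), ("chain", CHAIN), ("vendor", VENDOR)):
        print(label, triage(body), hoax_indicators(body))
```

A match only routes the message to a person; the deciding step is still checking the claim against an antivirus vendor's published advisory.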
Dave Van Allen
From: Souderton, PA, US, Earth
|
|
|
|
Don Walters
From: Saskatchewan Canada
|
Posted 11 Jun 2001 3:59 pm
|
|
If you did delete the file, please restore it following the instructions at the link Dave VA shows. Don't install the file from an attachment someone sends to you. I got the file as an e-mail attachment and it was infected.
------------------
Don Walters
Carter D-10, 8p/6k
Session 500 with Lemay Mod
[This message was edited by Don Walters on 11 June 2001 at 05:00 PM.] |
|
|
|
Bobby Lee
From: Cloverdale, California, USA
|
Posted 11 Jun 2001 10:01 pm
|
|
So maybe it's not a hoax after all. Maybe it's an elaborate plot to get people to delete the file, and then deliberately replace it with an infected file.
Ouch! |
|
|
|