Top ten security urban legends revealed

Posted by Virus Bulletin on Oct 12, 2004

Most common cyber security myths unveiled as part of Cyber Security Month.

Secure Computing has revealed the 'top ten cyber security urban legends' as part of Cyber Security Month in the US. The list was compiled using data from the company's support calls, customer requests, and from monitoring Internet discussion groups.

The top ten reads as follows:

  • Hackers can legally break into web sites that lack 'warning' notices. This is untrue - breaking into websites is not legal, whether they carry warning notices or not.
  • Some Windows system files are really malicious and should be deleted. This myth is perpetuated by the jdbgmgr.exe and SULFNBK.EXE hoaxes.
  • Hotel card keys secretly record personal information, which could be maliciously taken advantage of without the person knowing. No known hotel room keycard contains personal information. The information encoded on these cards is limited to room number, check out time, and other non-identifying information.
  • Including a fake entry in your email address book will prevent email Trojans. Secure Computing's debunking of this myth lets itself down somewhat, by suggesting that Trojans use the email address book to replicate. Of course, Trojans do not replicate. However, a common myth is that creating a fake entry in the email address book labelled 'AAAAA' or '000000' will prevent email worms from spreading.
  • A digital cell phone can be infected with a virus merely by answering a phone call. Currently there is no evidence that a virus can be spread in this way.
  • Search engine 'crawlers' perform security checks and notify you of vulnerabilities. No known search engine employs this practice.
  • Thieves are using lists of 'out of office' auto-replies to target homes for burglary. Although this is feasible, there have not been any cases reported of burglars using this technique.
  • Free patches emailed to you will protect your PC from the latest worms or viruses. This, of course, is a sneaky social engineering trick employed by some email worms.
  • Elf Bowling and Blue Mountain Greeting Cards contain viruses. Two popular software downloads, Elf Bowling and Blue Mountain Greeting Cards, are sometimes rumoured to contain viruses. VB has seen numerous copies of both programs, and each has been a harmless game with no viral content. However, this is no guarantee of the 'cleanliness' of the files per se. Should one of these be executed on an infected machine prior to being redistributed via email, then it is perfectly feasible for the 'originally harmless' games/jokes to become infected and viral.

In collaboration with government and industry partners, the NCSA (National Cyber Security Alliance) declared October 2004 National Cyber Security Awareness Month. The aim of the initiative is to raise awareness of computer security among users - home users will be targeted in week one, small businesses in week two, education audiences in week three, and child safety is the focus of week four.
