Top ten security urban legends revealed

Posted by   Virus Bulletin on   Oct 12, 2004

Most common cyber security myths unveiled as part of Cyber Security Month.

Secure Computing has revealed the 'top ten cyber security urban legends' as part of Cyber Security Month in the US. The list was compiled using data from the company's support calls, customer requests, and from monitoring Internet discussion groups.

The top ten reads as follows:

• Hackers can legally break into web sites that lack 'warning' notices. This is untrue - breaking into websites is not legal, whether they carry warning notices or not.

• Some Windows system files are really malicious and should be deleted. This myth is perpetuated by the jdbgmgr.exe and SULFNBK.EXE hoaxes.

• Hotel card keys secretly record personal information, which could be maliciously taken advantage of without the person knowing.No known hotel room keycard contains personal information. The information encoded on these cards is limited to room number, check out time, and other non-identifying information.

• Including a fake entry in your email address book will prevent email Trojans. Secure Computing's debunking of this myth lets itself down somewhat, by suggesting that Trojans use the email address book to replicate. Of course, Trojans do not replicate. However, a common myth is that creating a fake entry in the email address book labelled 'AAAAA' or '000000' will prevent email worms from spreading.

• A digital cell phone can be infected with a virus merely by answering a phone call. Currently there is no evidence that a virus can be spread in this way.

• Search engine 'crawlers' perform security checks and notify you of vulnerabilities. No known search engine employs this practice.

• Thieves are using lists of 'out of office' auto-replies to target homes for burglary. Although this is feasible, there have not been any cases reported of burglars using this technique.

• Free patches emailed to you will protect your PC from the latest worm or viruses. This, of course, is a sneaky social engineering trick employed by some email worms.

• Signing up with a 'Do Not Spam' registry will stop you from getting spam. There is no official 'Do Not Spam' registry.

• Elf Bowling and Blue Mountain Greeting Cards contain viruses. Two popular software downloads - Elf Bowling and Blue Mountain Greeting Cards, are sometimes rumoured to contain viruses. VB has seen numerous copies of both programs, and each has been a harmless game with no viral content. However, this is no guarantee of the 'cleanliness' of the files per se. Should one of these be executed on an infected machine prior to being redistributed via email, then it is perfectly feasible for the 'originally harmless' games/jokes to become infected and viral.

In collaboration with government and industry partners, the NCSA (National Cyber Security Alliance) declared October 2004 National Cyber Security Awareness Month. The aim of the initiative is to raise awareness of computer security among users - home users will be targeted in week one, small businesses in week two, education audiences in week three, and child safety is the focus of week four.

Posted on 12 October 2004 by Virus Bulletin

Latest posts: