Monthly Archives: March 2011

ST04-009: Identifying Hoaxes and Urban Legends

Original release date: March 10, 2011 | Last revised: February 06, 2013

Chain letters are familiar to anyone with an email account, whether they are sent by strangers or well-intentioned friends or family members. Try to verify the information before following any instructions or passing the message along.

Why are chain letters a problem?

The most serious problem is from chain letters that mask viruses or other malicious activity. But even the ones that seem harmless may have negative repercussions if you forward them:

  • they consume bandwidth or space within the recipient’s inbox
  • you force people you know to waste time sifting through the messages and possibly taking time to verify the information
  • you are spreading hype and, often, unnecessary fear and paranoia

What are some types of chain letters?

There are two main types of chain letters:

  • Hoaxes – Hoaxes attempt to trick or defraud users. A hoax could be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. It could also be a scam that convinces users to send money or personal information. Phishing attacks could fall into this category (see Avoiding Social Engineering and Phishing Attacks for more information).
  • Urban legends – Urban legends are designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information. Another common form are the emails that promise users monetary rewards for forwarding the message or suggest that they are signing something that will be submitted to a particular group. Urban legends usually have no negative effect aside from wasted bandwidth and time.

How can you tell if the email is a hoax or urban legend?

Some messages are more suspicious than others, but be especially cautious if the message has any of the characteristics listed below. These characteristics are just guidelines—not every hoax or urban legend has these attributes, and some legitimate messages may have some of these characteristics:

  • it suggests tragic consequences for not performing some action
  • it promises money or gift certificates for performing some action
  • it offers instructions or attachments claiming to protect you from a virus that is undetected by anti-virus software
  • it claims it’s not a hoax
  • there are multiple spelling or grammatical errors, or the logic is contradictory
  • there is a statement urging you to forward the message
  • it has already been forwarded multiple times (evident from the trail of email headers in the body of the message)

If you want to check the validity of an email, there are some websites that provide information about hoaxes and urban legends:

Authors: Mindi McDowell and Allen Householder

This product is provided subject to this Notification and this Privacy & Use policy.

ST06-006: Understanding Hidden Threats: Corrupted Software Files

Original release date: March 09, 2011 | Last revised: February 06, 2013

Malicious code is not always hidden in web page scripts or unusual file formats. Attackers may corrupt types of files that you would recognize and typically consider safe, so you should take precautions when opening files from other people.

What types of files can attackers corrupt?

An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a website. Depending on the type of malicious code, you may infect your computer by just opening the file.

When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files (such as a particular piece of software running on a particular operating system) or only affects certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms, and Trojan horses (see Why is Cyber Security a Problem? for more information). However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including

  • interfering with your computer’s ability to process information by consuming memory or bandwidth (causing your computer to become significantly slower or even “freeze”)
  • installing, altering, or deleting files on your computer
  • giving the attacker access to your computer
  • using your computer to attack other computers (see Understanding Denial-of-Service Attacks for more information)

How can you protect yourself?

  • Use and maintain anti-virus software – Anti-virus software can often recognize and protect your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.
  • Use caution with email attachments – Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first (see Using Caution with Email Attachments for more information). Not only is it possible for attackers to “spoof” the source of an email message, but your legitimate contacts may unknowingly send you an infected file. If your email program automatically downloads and opens attachments, check your settings to see if you can disable this feature.
  • Be wary of downloadable files on websites – Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a website certificate (see Understanding Web Site Certificates for more information). If you do download a file from a website, consider saving it to your computer and manually scanning it for viruses before opening it.
  • Keep software up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Take advantage of security settings – Check the security settings of your email client and your web browser (see Evaluating Your Web Browser’s Security Settings for more information). Apply the highest level of security available that still gives you the functionality you need.

Related information

Author: Mindi McDowell

This product is provided subject to this Notification and this Privacy & Use policy.

Women’s (in DOE Science) History Month info at OSTI

Do you need info for Women’s History Month? Think Women in DOE Science History. Ada Yonath, 2009 Nobel Prize in Chemistry, Barbara McClintock, 1983 Nobel Prize in Physiology or Medicine; and Maria Goeppert-Mayer, 1963 Nobel Prize in Physics, are featured at the DOE R&D Accomplishments website. Yonath counts as a double bonus if you also need info for the International Year of Chemistry. All three researchers accomplished their award-winning discoveries through work at DOE labs. A few facts (more can be found at the DOE R&D Accomplishments site):

  • Yonath established the Weizmann Institute in 1970, which was for almost a decade the only protein crystallography laboratory in Israel.
  • Among McClintock’s many honors for her discovery of mobile genetic elements is a U.S. Postal Service Stamp dedication.
  • Goeppert-Mayer, for development of the nuclear shell model, was the second woman to receive the Nobel Prize in physics (following Marie Curie) and the fourth American woman to win a Nobel Prize.

DOE R&D Accomplishments is a central forum for information about significant outcomes of past DOE R&D widely recognized as remarkable advancements in science.

OSTI honored with Anderson County Combined Federal Campaign Awards

Office of Scientific and Technical InformationAt the Anderson County Combined Federal Campaign (CFC) 2010 Awards Luncheon today, OSTI was honored with two awards: a 1st Place Gold Award “for setting the mark in employee participation to the 2010-2011 Combined Federal Campaign in Anderson County” and a 2nd Place Silver Award “for setting the mark in per capita giving to the 2010-2011 Combined Federal Campaign in Anderson County”. Several members of the OSTI staff were also recognized for their help and generous contributions. The mission of the CFC is to promote and support philanthropy through a program that is employee focused, cost-efficient, and effective in providing all federal employees the opportunity to improve the quality of life for all.