Security experts warn against June 1 virus hoax

An e-mail hoax circulating around the Internet in a variety of languages calls on users to trash the SULFNBK.EXE file in Windows 98. Security experts said the message should be ignored because deleting the file could damage the Microsoft Corp. operating system.

The CERT Coordination Center at Carnegie Mellon University in Pittsburgh issued an activity alert on the e-mail threat Tuesday. The alert tells readers that the e-mail was written in several languages and specifically refers to the SULFNBK.EXE file, a utility that can help users restore long file names.

The hoax first appeared in Portuguese several weeks ago, said Joe Hartmann, director of North American virus research at Trend Micro Inc., a security vendor in Cupertino, Calif. Soon afterward, it was translated into English and sent out around the world.

In its current form, the hoax warns people that if they don't trash the SULFNBK.EXE file on the their PCs, a virus will erupt June 1 and wipe out their hard drives and all their files, Hartmann said. But that isn't true, he added.

CERT spokesman Bill Pollak said anyone who gets the e-mail should delete the message and not forward it to anyone.

"This e-mail message is a hoax," the CERT advisory reads. "Although SULFNBK.EXE file may be infected by a number of valid viruses, the mere presence of the file as described in the message is not a sign of a virus infection."

Hartmann said a diabolical twist to the hoax is that in singling out the SULFNBK.EXE file, it hints at an actual virus. He added that there's currently a virus circulating in North America that will e-mail infected SULFNBK.EXE files to users.

"But that is something different from the hoax; they are two different things," Hartmann said. If you receive an e-mail telling you to delete SULFNBK.EXE, ignore it; if you receive someone else's SULFNBK.EXE as an attachment, delete it, he advised.

Hartmann said his company became aware of the hoax when people began searching the Web site and the company's virus tracker for technical details about SULFNBK.EXE. The jump in interest spurred the company to begin investigating, he said.

Hartmann said "authority" hoaxes such as these are becoming more common and usually share a theme.

"They use authority from someone else," he said. "They claim they are from IBM or Microsoft, but these companies never do announcements like this. One claimed that the Centers for Disease Control in Atlanta was warning people about a virus. The CDC never makes announcements about computer viruses."

Related stories:


Copyright © 2001 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon