Security Staff Scramble To Fight Virus Hoaxes

LOS ANGELES -- An increase in hoaxes claiming that reading e-mail will unleash viruses capable of doing hideous things to personal computers has prompted computer security experts to step up efforts to debunk these myths.

The hoaxes -- with strange names such as Deeyenda, Penpal Greetings, NaughtyRobot and AOL4FREE -- are creating a virtual headache for government officials.

Virus hunters at the Energy Department's Computer Incident Advisory Capability unit say hoaxes cause more problems then actual computer viruses by tying up phone lines and staff time.

"Nine of the 10 phone calls we receive on viruses are related to hoaxes. We're spending all our time working on these and not on viruses," said William Orvis, a computer security expert at CIAC, which monitors "malicious software" for the federal government.

But the Internet's global reach, the ease of sending e-mail, a tendency to believe messages that arrive on the computer and the difficulty of tracking the genesis of a message allow hoaxers to scare computer users with impunity.

"Up until now there hasn't been a need for training on how to identify a hoax," said Jonathan Wheat, senior anti-virus laboratory analyst at the National Computer Security Association, an industry trade group in Carlisle, Pennsylvania. "The only way to get a virus from e-mail is by opening an attachment, not just by reading the message itself."

Players in the fiercely competitive anti-virus software market are concerned widespread hoaxes undermine the industry's ability to warn consumers about viruses that pose a real threat to their systems.

"Virus hoaxes reduce the credibility of real virus alerts because they cause people to become numb to all warnings," said Alex Haddox, product manager for the Santa Monica-based Symantec AntiVirus Research Center. Symantec makes Norton AntiVirus software.

To combat hoaxes, government and industry officials have created web sites that list the "latest and greatest" myths and delineate steps consumers can follow to spot phony e-mail.

CIAC has received 220,000 hits on its hoax Web page at

ciac/CIACHoaxes.html since January. Symantec's hoax site at http://www. has worked to reduce calls to the company from software users inquiring about hoaxes, Haddox said.

Anti-virus research company McAfee says it has seen the number of repeat questions it gets about hoaxes drop since it created a hoax web page ( Dr. Solomon's also has a hoax page at /vircen/hoax.html.

Virus watchers also say media coverage of hoaxes works to perpetuate the myths even further. Hoaxes make wild claims about what viruses can do to your computer system, including melting your monitor or eating your hard drive. Some even go so far as to say that your computer will jump off of the desk.