Related Resources • Glossary of Terms • Hoax Encyclopedia • The Hoax That Cried Virus

Elsewhere on the Web • Urban Legends site   • Infoguerra Article    (in Portuguese)

Hoaxes. Many people believe them. Others aren't so sure but forward them anyway "just in case". No matter how you slice them, hoaxes are a problem and now they've taken a new tack. Originating in Brazil, a new hoax alleges the file SULFNBK.EXE is in fact a virus and urges users to search their system for the presence of the file. The hoax warns, even "Norton did not discover it". Perhaps this is because the file is not infected.

A word of caution. Any executable file has the potential to be infected. Worse, viruses like Magistr can pick certain files at random, infect it, and send it off via email to others. So the potential also exists for the file SULFNBK.EXE to be plucked by Magistr. Of course, any portable executable (PE EXE) file up to 132K in length could just as easily be sent, so there's no special distinction to the SULFNBK.EXE file.

Just what is SULFNBK.EXE? It's a utility shipped as part of the Windows 98 operating system that allows users to restore long file names. Thus, anyone using the Windows 98 operating system would find this file on their system. If the hoax were received by these users, and believed, many might delete the file thinking their antivirus software had somehow failed to detect the virus. In fact, it wouldn't be the first time signature-based scanners failed to detect a new virus, making the entire hoax even easier to believe.

If you aren't confused yet, you should be. Hoaxes survive simply by causing confusion. They provide just enough real sounding information to guarantee a pretty high degree of faith. The more believable, the more users willing to pass it along. Hence hoaxes are very much like a manually driven virus, relying on the user to deliberately pass along the "infection". In the case of the SULFNBK.EXE warning there's a double whammy: as users pass it along, it clogs email servers and drains resources; and those who delete it may need the file at some point. Worse, this could be a stepping stone to a new trend in hoax writing - targeting necessary system files, warning of dire consequences and instructing users to immediately delete them. If the right files were targeted, users following the warning's instructions could find themselves worse off than if a "real" virus had hit. In other words, hoaxes may soon be featuring malicious payloads deliberately executed by the gullible and unsuspecting user.

Common sense provides the best cure. If you aren't sure, don't forward it. Forget the "just in case" excuse - it's downright dangerous. Unless the warning comes from a known and reputable source, send it to the Recycle Bin and not to your friends and co-workers.

Special thanks to Giordani Rodrigues, editor of InfoGuerra.com for providing details regarding this hoax. His article, in Portuguese, can be found at: http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid988228057,26932,.