E-mail virus hoax makes users do the dirty work

In the latest perverse trickery pulled off by someone taking pleasure in computer users' pain, a fake virus warning is circulating by e-mail asking people to delete an innocuous and uninfected executable Microsoft Windows file and then pass on the warning to others.

The warning tells users to delete the sulfnbk.exe file, a utility used to restore long file names. The file isn't usually infected, and running a virus check on it will prove fruitless, which just adds to the hoax's credibility. The message warns people that it's a virus undetectable by antivirus software. Diligent users who search for the file and find it may presume the warning was accurate and delete it.

Standard antivirus screens will not detect the warning e-mail itself, because it too is not a virus. But if users comply with the message, by deleting the file and forwarding the e-mail to others, the effect is similar.

The message begins, "FOLLOW THE INSTRUCTIONS, I HAD IT!!!!!...," according to Avert Labs, the anti-virus response division of anti-virus firm McAfee, which itself is a division of Network Associates. "I received this message from a friend and today it is true. I searched for the file following the next instruction and I found it, I had it without knowing," the warning continues, providing instructions for finding and deleting the file.

"We actually received this one two weeks ago, in Portuguese," said Joe Hartmann, director of North American virus research for Trend Micro. "A couple of days ago we received a version in English with some more text, adding a date to it, June 1."

An earlier, real threat -- the Magistr worm -- infected the sulfnbk.exe file, adding to user confusion. This e-mail hoax is unrelated to the earlier worm, which can be detected and destroyed by updated antivirus software.

The IDG News Service is a Network World affiliate.

More on the hoax
Including info on restoring the deleted file. From McAfee.