Whatever happened to the unlikely lads? A hoaxing metamorphosis

David Harley ESET
Randy Abrams ESET

Once upon a time the most problematic chain emails were virus hoaxes, as exemplified by the Good Times hoax: however, perhaps the last really innovative malware-related hoaxes were the SULFNBK and JDGBMGR hoaxes of the early noughties. Since then, most anti-malware companies have virtually lost interest in memetic malware as its links with real, programmatic malware have declined. But does this mean the problem has gone away?

Unfortunately, it hasn't. Somewhere in the no man's land between malware and spam, the chain letter continues to create a range of problems for system administrators and IT support departments, from choked mail servers to choked support lines. However, it has also created both emotional and practical problems for the recipients as hoaxers have learned to apply increased pressure by hanging hoaxes and semi-hoaxes onto real life tragedies and disasters like the 2004 tsunami and missing children like Madeleine McCann.

This paper traces the changes in the Meme Machine from the 1990s to 2009, from the Jeffrey Mogul metavirus to the tsunami-related hoaxes that intermittently crippled public sector communication channels in the UK in the present decade, and considers some of the most recent examples, looking at underlying mechanisms as well as topical content. What has changed? What measures should we be taking to steer our users and customers away from the submerged 9/10 of this under-publicized iceberg? And if the security industry doesn't own the problem, who does?


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.