Virus Busters Home


The Monopoly Virus Email Warning Is a Load of Hooey

by Bruce P. Burrell (bpb@umich.edu)
for the U-M Virus Busters (virus.busters@umich.edu)

Last significant update: 16 August 1999

This information can be freely reproduced in any medium, as long as the information is unmodified.

Thanks to Stephen Gendler for first bringing this to our attention on August 10, 1999.

We've received several queries about the "Monopoly virus" -- unfortunately often claimed to have been forwarded from "reputable" sources like Microsoft or the U.S. Military. There are several points to consider here:

  1. Monopoly is indeed something that exists

  2. Then again, so too do some 44,000 other viruses

  3. Of those, perhaps 300 or so are a significant problem anywhere in the world

  4. Monopoly is not one of the problem 300

  5. In fact, Monopoly has not yet been reported to be "In The Wild" anywhere in the world.

So why, you rightly ask, are warnings going around?

Unfortunately, a less than scrupulous antivirus company saw fit to announce this new virus with a lot of brouhaha, probably as a marketing ploy. This has the sad side effect of forcing other antivirus companies to react, which to some degree appears to legitimize the warning: "If all the antivirus companies have a Monopoly blurb on their web site, it must be a problem, right?"

Wrong.

It's a lot easier to say to a customer "Yes, we handle that" than to explain that it isn't a threat, so vendors just put up a web page that says the thing isn't much of a threat, and add detection for the thing whenever there is an opportunity (after dealing with more important, real threats). This makes it a lot easier on the antivirus vendors' tech support departments.

Of course, at some time Monopoly may become a real problem, but I'm betting against it. This is probably a good place to note that email purportedly from "Microsoft" or "the Military" (or "AOL" or "IBM" or ....) means next to nothing so far as being qualified to speak intelligently about security matters, though there certainly are some very well qualified individuals at some of those institutions.

[I suspect that some of them, however, do not have such professionals, though I won't name names.]

So what should be done when one receives such a "warning", whether known to be true, known to be false, or of undetermined status?

I propose the following:

  1. End users should NEVER forward along "warnings" to *anyone* except qualified security personnel. If one gets such email in the work environment, then it should be sent to the security folks.

    If you don't have access to such a group, then contact a reputable group like U-M Virus Busters (assuming that you think we're reputable, that is!).

    If this is in a home use context, then contact perhaps one's Internet service provider (ISP) or, again, someone like us.

    Or just delete the blankety-blank thing.

  2. Security folks, upon receipt of such an email, should fact check, and then debunk. Ideally, this debunking will include facts that demonstrate why the hoax is bogus, including URLs, phone numbers, and/or email addresses where one can get more information or contact the security personnel. One hopes that this information will be ok to forward to anyone, but it is acceptable if it is for internal use only.

  3. In the exceedingly rare case that the thing is real, then security personnel should compose a message ONLY to their own members (and perhaps security personnel at other companies) that includes facts, is directed at ONLY the folks who are affected by whatever the problem is, and includes contact info as above, but is clearly marked "For internal use only". That clause should be strictly enforced, too -- otherwise this turns into chain mail, if not a hoax.

    Note that such an alert might also come from the vendor of the product affected, e.g., direct from Microsoft, *with lots of proof that it indeed does come from the purported source*. Again, this should be directed to security personnel and affected users, not "at large."

What is the end result?

  1. End users never forward "alerts" to other end users.

  2. Every alert received comes from an expert source -- whether debunking a hoax or making a real warning. In the latter case, note that not only does it come from an expert source, but also one known to the recipient.

This pretty much squelches hoaxes.

Bottom line: never forward this drek, and you'll be right more than 99.999% of the time. Yes, that's from real stats collected since '96.

[My opinion, of course, re: protocol. My colleagues might have different views.]

Please do not forward this -- or any other hoax -- to all your friends.

Instead, you should reply to the sender -- and as far back up the email chain as you have energy -- informing the originators that this is a hoax. For this particular hoax, I suggest that you provide a pointer to this URL (http://www.umich.edu/~virus-busters/hoaxes/monopoly.html).

For virus or hoax info, please see our main page (http://www.umich.edu/~virus-busters/) or go to another reputable site, like DataFellows.

   -BPB



Last updated: Wednesday, 02-Jan-2002 18:53:36 EST.
University of Michigan Virus Busters - virus.busters@umich.edu
