The California/WOBBLER "Virus" Email
Warning Is A Hoax
by Bruce P. Burrell (bpb@umich.edu)
for the U-M Virus Busters (virus.busters@umich.edu)
Last significant update: 06 June, 1999
This information can be freely reproduced in any medium, as long as the
information is unmodified.
Ho hum. We first saw this obvious hoax at U-M on 25 May, 1999. Thanks to Katherine Spencer for first bringing
this to our attention. Read on to see why it's so easy to debunk:
Subject: FW: New Virus Warning
Dear ALL
Thought you might be interested in this message. If you receive
an email with a file called "California"
First of all, identifying a file by its name is silly; it is trivial to
change the name. Moreover, there might well be files named "California"
that are totally innocent.
I'll ignore the fact that any file named only this would not be
executable, and as such could not possibly spread a virus.
Since I have an audience, now is as good a time as any to pass along
our mantra. Everyone, repeat after me:
NEVER OPEN AN UNSOLICITED ATTACHMENT,
even when
it comes
from a trusted source. Note that some malware sends off email from an
affected user, so the account owner might not have actually sent the
attachment (though it would come from an email address you recognize).
do not open the file. The file contains the "WOBBLER" virus.
Well, isn't that interesting.
There is no virus of this name; see the VGrep
database (leaving our site) and search for your self,
if you'd like to confirm this.
Of course, it is possible that VGrep doesn't have it in its database
yet, but that's unlikely.
This information was announced yesterday morning by IBM.
... a company known for its (general) lack of participation in the
antivirus field. The specialists at IBM, who are indeed very good, have no
mention of this on their
web site (leaving our site) have no mention of this.
Now I know Dave Chess is a busy fellow, but if this were real, he'd
have seen to it that his web site was up-to-date, I assure you.
The report says that ..."this is a very dangerous virus, much
worse than "Melissa" and
The report says nothing of the kind, since IT DOES NOT
EXIST!
there is NO remedy for it at this time.
Well, "known-virus" scanners find, ummm, *known* viruses, so if it
were just discovered yesterday, this comes as no surprise. But believe me,
antivirus companies know about advertizing, and if this were true it would be
all over their web sites.
(So I searched on 25 May) Hmmm. Not a single hit? Could it be that
marketroids the world over missed this opportunity??
One syllable answer:
NO.
Checking again today (06 June), I find only debunking on antivirus sites.
What a surprise.
Some very sick individual has succeeded in using the reformat
function from Norton Utilities causing it to completely erase all
documents on the hard drive.
No; some sick individual has started another hoax -- a highly
derivative one, surprise surprise. Unfortunately, well-meaning folks
have spread it as well.
It has been designed to work with Netscape Navigator and
Microsoft Internet Explorer.
It has been designed to exploit the "Good Samaritan" impulses of folks.
It destroys Macintosh and IBM compatible computers. This is a
new, very malicious virus and not many people know about it at
this time.
Nobody knows about it, BECAUSE IT (all together now) DOES NOT EXIST.
If it did, a responsible alert would have plenty of points of contact.
This one has not a one, and the vague "source" (IBM) clearly has no
reference.
What fools these hoaxters be.
Please pass this warning to everyone in your address book and
share it with all your online friends asap so that the
destruction it can cause may be minimized"
Please don't waste bandwidth spreading unsubstantiated drivel.
Anyone who knows the "real" Dave, or whoever actually started this
silliness, give him (or her) a good "thwack upside the haid" from me. Of
course, the real likelihood is that "Dave" is as fictitious as the "facts" of
this hoax.
Note similarities with these hoaxes: It Takes Guts to
say 'Jesus', Win a
Holiday, and Return or Unable
To Deliver.
Also, see DataFellows (leaving our site) take
on this hoax.
Please do not forward this -- or any other hoax -- to all
your friends.
Instead, you should reply to the sender -- and as far back up the email
chain as you have energy -- informing the originators that this is a hoax.
For this particular hoax, I suggest that you provide a pointer to this URL
(http://www.umich.edu/~virus-busters/hoaxes/wobbler.html)
For virus or hoax info, please see our main page
(http://www.umich.edu/~virus-busters/) or go to another reputable
site, like DataFellows (leaving our site).
-BPB
Last updated:
Wednesday, 02-Jan-2002 17:18:25 EST.
University of Michigan Virus Busters - virus.busters@umich.edu
visits to this page since 06 June, 1999 01:45 EDT