
How to distinguish a fake virus alert from the real deal

By Christina Capecchi

It was a lovely weekend, with Valentine’s roses still in bloom, goodwill still intact and plenty of chocolates yet to be had. Lovely, that is, until this arrived in the inbox:

“You should be alert during the next few days. Do not open any message with an attachment entitled ‘Invitation,’ regardless of who sent it to you. It is a virus which opens an Olympic Torch which ‘burns’ the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list.

“This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.”

If these words induce sweaty palms and a phone call to your spouse, you’re not alone. Virus warnings worry the average computer user.

But the average virus warning is illegitimate, as is the above Olympic Torch alert, despite its introductory assertion: “I checked with Norton Anti-Virus, and they are gearing up for this virus, so I believe this is real.”

Fraudulent virus alerts abound, preying on panic and ignorance. Even when we’re savvy enough to question a warning’s veracity, we often forward it on, nudged by the earnest intent to err on the safe side.

However, more than 95 percent of virus warnings are illegitimate. Which means the safest response is to delete them. By forwarding a virus hoax, you are, at best, fulfilling the twisted desire of an innocuous oddball and, at worst, confirming your e-mail address to a malicious scammer.

The same virus warnings, some with minute alterations, have marched from e-mail account to e-mail account for years. There is always a new group of e-mailers ready to sustain them, naively forwarding them to everyone in their address books.

‘Bogus until proven accurate’
“Many fake virus warnings are ‘phishing’ attempts in disguise,” according to David Sisk, Macalester’s associate director of information technology services. “Smart spammers can make a lot of money by selling lists of verified genuine e-mail addresses to bulk e-mailers and other spammers,” he told me in an e-mail.

He offered this general guideline: “As far as I’m concerned, all virus warnings are bogus until proven accurate, and extremely few pass the test – perhaps two a year.”

Sisk spends considerable time educating Macalester students about virus hoaxes. Today, he agreed to educate readers.

These are tell-tale signs of a virus hoax, according to Sisk:

• Odd-looking domain names, especially those that contain two-letter country codes (for example, an e-mail from is being sent from Russia – that should set off some alarm bells).

• Broken, stilted, or oddly phrased English.

• Messages sent to “account holder” or something generic, rather than a specifically identified recipient.

• Messages that contain a .zip archive or an attached file, especially an executable file (.exe), or program, are nearly always viruses.  URLs are slightly less suspect in that one can chop off the end of it and just check the root, thus:

• Requests to pass on the warning “to others in your address book,” or “everyone you know.”

• Exclamatory language.

Sisk wrote: “The likelihood of a scam or virus rises in direct proportion to the level of hysteria with which a message proclaims its legitimacy, e.g., a subject line of ‘Warning: virus detected’ (which is likely untrue but deserves investigation) versus ‘URGENT!! *CRITICAL* VIRUS WARNING!! MUST READ!!!’ (which I’d delete unread).”
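Several of the signs in Sisk's list can be checked mechanically when sorting mail. The Python below is an added example, not part of the original article or anything Sisk supplied; the regular expressions, sign names and both sample messages are constructed assumptions, and the "broken English" sign is left out because it does not reduce to a simple pattern.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Patterns are assumptions of this example; the article gives the signs only in words.
GENERIC_GREETING = re.compile(r"\b(account holder|valued customer)\b", re.I)
FORWARD_REQUEST = re.compile(
    r"\b(forward|send|pass)\b[^.!?]{0,80}\b(everyone you know|address book)", re.I)
RISKY_ATTACHMENT = re.compile(r"\.(zip|exe)$", re.I)
COUNTRY_CODE_TLD = re.compile(r"\.[a-z]{2}$", re.I)  # noisy alone: .uk, .de match too

def shouting(text):
    """Exclamatory language: repeated '!' or mostly upper-case text."""
    letters = [c for c in text if c.isalpha()]
    caps = sum(c.isupper() for c in letters)
    return "!!" in text or (len(letters) >= 8 and caps / len(letters) > 0.7)

def hoax_signs(raw_message):
    """Return the set of tell-tale signs found in one raw e-mail message."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    subject = msg.get("Subject", "")
    names = [p.get_filename() or "" for p in msg.walk()]
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain" and not p.get_filename())
    checks = {
        "country_code_sender": bool(COUNTRY_CODE_TLD.search(domain)),
        "generic_recipient": bool(GENERIC_GREETING.search(body)),
        "zip_or_exe_attachment": any(RISKY_ATTACHMENT.search(n) for n in names),
        "forward_request": bool(FORWARD_REQUEST.search(body)),
        "exclamatory_language": shouting(subject) or shouting(body),
    }
    return {name for name, hit in checks.items() if hit}

# Constructed samples (not real mail); subjects are Sisk's two; .zz is not a delegated TLD.
HYSTERICAL = """From: Alerts <alerts@mail.example.zz>
Subject: URGENT!! *CRITICAL* VIRUS WARNING!! MUST READ!!!

Dear account holder, do not open any message entitled 'Invitation'.
Please forward this warning to everyone you know.
"""
CALM = """From: IT Help Desk <helpdesk@example.edu>
Subject: Warning: virus detected

Hi Pat, the scanner on your office PC quarantined one file this morning.
Call the help desk at extension 5555 if you have questions.
"""
```

An empty result means only that none of these signs fired; as Sisk notes, the calmer subject line still deserves investigation.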

Expect detail from the real deal
On the flip side, a legitimate virus warning will:

• Come from a trusted sender, such as professional anti-virus vendors.

• Carry clear information about who sent it and how to contact that person/organization.

• Explain what the virus is.

• Explain how the virus works.

• Relay any known tips on combating the virus.

If you’re still unsure of a warning’s veracity, check the official virus page of your anti-virus vendor (such as Symantec’s virus page). You can also check debunking sites, such as, which debunks the Olympic Torch virus warning, noting, “The classics never go away.”