Bravo Memo

From the desk of: Sam C. Chan

Teddy Bear Hoax

May 13, 2002

To: Mike J

This is a general advisory from your beloved IT director.

The warning you received regarding the supposed "teddy bear" virus "incurable" by Norton and McAfee is simply a garden variety hoax. That email was well-intended from your friend, but ill-intended from its originator. It's utterly false and harmful in any case. It instructs you to delete a legitimate program Jdbgmgr.exe, the Microsoft Debugger Registrar for Java (IE). This results in lost of certain functionalities in Java.

As I mentioned on phone, there are numerous similar hoaxes. SULFNBK.EXE is another well-known one. Obviously, the original authors of such bogus warnings intent to frighten and mislead the naive users.

For years, my standing recommendation and policy has been: Mere mortals (end-users) should refrain from being self-appointed security look-outs, or worse―remedy advisors. Leave that duty to the IT gods like me. The reasons: The average person simply does not fully comprehend the nature of technical matters. The fact that most of the media reports are inaccurate and missing the main points doesn't help matters either.

Nobody had ever benefited (and never will) from a friendly tip/warning from a friend regarding SPECIFIC threats. Majority of them are false and harmful. What's needed is education for general vigilance against the threats collectively.

The nature of email forward is such that it's infinitely self-perpetuating. As such, the information is by definition out-dated and inaccurate. There's no central authority or coordination.

Facts:
Email sources are unknown. The "from" address is likely spoofed and actually sent by mass-mailing worms. Even if it's actually sent by a friend/coworker complete w/ personalized comments, the original source of the forward is untraceable.

Do:
-Pass on LINKS (not copies) to articles from trusted and respected sources. Let the recipient read it first hand and use their own judgment regarding that particular source.
-Warn about dangers in general and educate on safe practices.

Don't:
-Warn about specific threats.
-Urge them to "forward to everyone in your address book."
-Send "fix" programs via attachment, or... <Gasp>... accept them.