Truth About Computer Security Hysteria
NaughtyRobot spiderCATEGORY: Hoax virus alerts
This hoax surfaced in January 1997 when Internet users received messages from themselves, "sent to you by NaughtyRobot, an Internet spider that crawls into your server through a tiny hole in the World Wide Web."
The hoax goes on to claim NaughtyRobot captured the user's credit card numbers, home phone number, physical address, and other "personal, private, and sensitive information." It warns users to "alert your [Internet provider], contact your local police, disconnect your telephone, and report your credit cards as lost."
These seed messages scared numerous Internet users who then sent "first-person" warnings to everyone in their email address book. Many of these warning messages turned into chain letters, with each frightened recipient forwarding it on to everyone they knew.
Like many hoaxes, NaughtyRobot plays on a user's fear — in this case, fear of "the oxymoron of 'Internet security.' " Unlike most hoaxes, NaughtyRobot didn't begin as a chain letter. Its perpetrator instead used a well-known parlor trick to spoof the email address of each recipient, making it look like the message came from themselves. Frightened users who didn't know the trick started their own chain letters when they read the seed message.
And when the experts say "well-known," they mean it. Boardwatch editor Jack Rickard described this childish technique in a 1995 column — an ancient parlor trick even back then. "It is hardly a hack to 'spoof' mail ... [simply because] the Internet sports thousands of 'promiscuous' simple mail transport protocol (SMTP) servers." Things to ponder:
Last updated: 2000/10/2