Truth About Computer Security Hysteria
AOL4FREE Trojan/virusCATEGORY: Overblown computer security threats
A popular chain letter appeared worldwide in March 1997, warning users not to open an email if it contains "aol4free" in the subject line. Numerous versions of the alert message now exist. In some cases, it claimed the virus resided in an attachment; in other cases, the alert claimed the email itself was the threat. The AOL4FREE virus supposedly:
A utility called AOL4FREE actually did exist at the time — it provided users with illegal free time back when America Online charged by the minute for access. A college student wrote the program after discovering how to exploit AOL's network; he eventually pled guilty to a federal charge of computer fraud. Publicity surrounding the case probably also contributed to the confusion.
An AOL representative spoke to Vmyths.com editor Rob Rosenberger in April 1997. She didn't know of any destructive Trojan horse called AOL4FREE, although conceivably a Trojan by that name might exist. (AOL urges people to obtain software only from reliable sources.) Genuine virus experts released statements labeling AOL4FREE chain letters as a "hoax," although they acknowledged it would take little effort to create a virus somewhat like it.
Then, on 16 April 1997, U.S. DoE CIAC issued an alert about a Trojan horse called AOL4FREE.COM which deletes data on hard drives. (See related link.) CIAC clearly stated "this is different from the AOL4FREE hoax message" circulating on the Internet. CIAC did not retract its original alert about the hysterical worldwide chain letters. "That warning is either a hoax or a badly misunderstood description of this Trojan Horse."
Points to ponder:
CIAC confirmed only 28 cases as of 11 June 1997 where the actual Trojan deleted files. That's 28 cases worldwide, and those confirmations surfaced after CIAC begged on its home page for a global scavenger hunt. So let's do a little math to put this "threat" in perspective. We'll assume 240 users lost data to the AOL4FREE Trojan and we'll assume 120 million IBM PC compatibles in use around the world at the time.
This would mean roughly one out of every 500,000 computers lost data in 1997. You stood a better chance of winning the Illinois state lottery that year if you bought one ticket for each drawing.
Vmyths.com editor Rob Rosenberger tracked down 63 people who claimed an AOL4FREE "virus" wiped out their hard disks. Of those who responded, every one of them sheepishly admitted they didn't get wiped out — rather, they received the alert message from someone else and "cleaned it up" to make it more readable. When these people forwarded it to others, they included the "first person" part of the alert, making it sound like their computers got hit. Almost all of these people said they "just want[ed] to warn some friends" about the virus. Seventeen admitted they didn't read the message closely before forwarding it to everyone they knew.
Two respondents claimed the person who sent them the message got hit. A third person later retracted the same claim: "he told me that he was just forwarding it..." A fourth person also retracted this claim after investigating it. Vmyths.com assumes the other two respondents discovered the same thing but their embarrassment prevented them from admitting it.
Last updated: 2000/8/11