Vmyths.com



Hoaxes, myths,
urban legends

Columnists

Newsletter
signup


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

AOL4FREE Trojan/virus

CATEGORY: Overblown computer security threats

A popular chain letter appeared worldwide in March 1997, warning users not to open an email if it contains "aol4free" in the subject line. Numerous versions of the alert message now exist. In some cases, it claimed the virus resided in an attachment; in other cases, the alert claimed the email itself was the threat. The AOL4FREE virus supposedly:

  • activates if you read the offending message with your eyeballs;
  • crashes your computer after you turn it off;
  • cannot be detected by any antivirus software;
  • displays a ceremonial window showing the filenames as they disappear from your computer.
The first AOL4FREE alert appeared on Usenet on 1 March 1997. Chain letters reached critical mass near the end of the month when AOL users suddenly started forwarding alerts to everyone they knew. Almost all variants of the alert plead for you to "send this to as many people as possible"; one variant ordered each recipient to forward it "to as many people as you can." Ironically, some well-meaning users included "aol4free" in the subject line of their own warning messages. This only added to the worldwide confusion.

A utility called AOL4FREE actually did exist at the time — it provided users with illegal free time back when America Online charged by the minute for access. A college student wrote the program after discovering how to exploit AOL's network; he eventually pled guilty to a federal charge of computer fraud. Publicity surrounding the case probably also contributed to the confusion.

An AOL representative spoke to Vmyths.com editor Rob Rosenberger in April 1997. She didn't know of any destructive Trojan horse called AOL4FREE, although conceivably a Trojan by that name might exist. (AOL urges people to obtain software only from reliable sources.) Genuine virus experts released statements labeling AOL4FREE chain letters as a "hoax," although they acknowledged it would take little effort to create a virus somewhat like it.

Then, on 16 April 1997, U.S. DoE CIAC issued an alert about a Trojan horse called AOL4FREE.COM which deletes data on hard drives. (See related link.) CIAC clearly stated "this is different from the AOL4FREE hoax message" circulating on the Internet. CIAC did not retract its original alert about the hysterical worldwide chain letters. "That warning is either a hoax or a badly misunderstood description of this Trojan Horse."

Points to ponder:

  1. The unknown originator of one alert variant claimed the virus circumvented "the Anti-Virus Software that comes with the Windows '95 Program." Can you identify this software by name? (Hint: it's a trick question.)
  2. He/she also claimed "the virus wiped me out." How did this person send a warning message to others?
  3. CIAC's alert (see related link) indicates any fool could have created this utterly trivial Trojan after the fact to
    • discredit the antivirus community for dismissing the chain-letter alerts as hoaxes and
    • rekindle the hysterical worldwide chain-letter campaign.
  4. Suppose AOL offered a contest for a free year of access. Suppose you desperately wanted to win. Obviously, you'd need to stuff the ballot box. You'd also want to reduce the total number of contest entries. What better way than to convince na´ve users to delete every message announcing the contest?
  5. Suppose you receive a file from an unknown source and you choose to delete it as a precaution. Does this mean you deleted an actual malicious file? Or does it simply mean you deleted a file as a precaution?
Trend Micro rode on the coattails of the AOL4FREE hysteria, releasing a "free detector/remover" so frightened users can scour their hard disks for this extremely rare Trojan horse. Unfortunately, Trend decided to call the software KILLAOL.EXE. A network administrator apparently started a chain letter on 27 April 1997 claiming an "anti-AOL group" wrote it.

CIAC confirmed only 28 cases as of 11 June 1997 where the actual Trojan deleted files. That's 28 cases worldwide, and those confirmations surfaced after CIAC begged on its home page for a global scavenger hunt. So let's do a little math to put this "threat" in perspective. We'll assume 240 users lost data to the AOL4FREE Trojan and we'll assume 120 million IBM PC compatibles in use around the world at the time.

This would mean roughly one out of every 500,000 computers lost data in 1997. You stood a better chance of winning the Illinois state lottery that year if you bought one ticket for each drawing.

Vmyths.com editor Rob Rosenberger tracked down 63 people who claimed an AOL4FREE "virus" wiped out their hard disks. Of those who responded, every one of them sheepishly admitted they didn't get wiped out — rather, they received the alert message from someone else and "cleaned it up" to make it more readable. When these people forwarded it to others, they included the "first person" part of the alert, making it sound like their computers got hit. Almost all of these people said they "just want[ed] to warn some friends" about the virus. Seventeen admitted they didn't read the message closely before forwarding it to everyone they knew.

Two respondents claimed the person who sent them the message got hit. A third person later retracted the same claim: "he told me that he was just forwarding it..." A fourth person also retracted this claim after investigating it. Vmyths.com assumes the other two respondents discovered the same thing but their embarrassment prevented them from admitting it.

Last updated: 2000/8/11