!0000 Outlook Trick


Classification Status
Hoax

True  
Urban Legend   False
Chain Mail

Unknown  
Joke/Spoof

  

Aliases  
Scam   Related to  
"Dim bulb" Rating (Click here for details)

The !0000 Hoax originally started circulating in the Netherlands. The e-mail content contains a "trick" how to prevent/stop mass-mailing routines used by e-mail aware malware. 

The suggestion is to set up a dummy !0000  (or others, such as AAAAA) e-mail contact address in your Outlook or Windows address book, but without an actual (real) e-mail address. This would, it is claimed, then cause the e-mail to fail when accessed by an e-mail aware piece of malware.

This trick might work in a few instances, however,  it won't stop the vast majority of the e-mail aware malware.

Here is a copy of the original Dutch version that was going around: 

    Hierbij een handigheidje dat voorkomt dat een (eenmaal bij je binnengedrongen) virus zich verspreid over alle kennissen die in je adressenboek staan. Maak, in je adressenboek, een nieuwe contactpersoon aan met de naam :!0000 en zet daar geen emailadres bij. Deze fictieve contactpersoon zal nu helemaal bovenaan in je adressenboek staan. Als nu een virus probeert zichzelf te verspreiden via jouw adressenboek, dan zal je computer de foutmelding geven: "Dit bericht kan niet verstuurd worden, omdat een of meer contactpersonen geen geldig email-adres heeft. Controleer uw adressenboek en zorg ervoor dat alle contactpersonen een geldig email-adres hebben." Je klikt dan op 'OK'. Het virus wordt dan niet verzonden en je adressenboek is nog in orde. Het virus zal opgeslagen worden in je postvak uit (of 'drafts' als je hotmail gebruikt). Ga daar naar toe en verwijder het; ga dan naar je 'prullenbak' en verwijder het daar ook. Je hebt nu wel voorkomen dat het virus zichzelf verspreidt via je adressenboek, maar je moet nu nog wel zorgen dat je zelf het virus kwijtraakt !!

Below is a roughly translated English version of the above: 

    In order to avoid a virus dissemination by e-mail, add a contact to your address book named !0000 without any details.

    This contact will appear first at your address book. 

    If a virus tries to send itself to all your contacts it will cause an error message to be displayed, saying that the message couldn't be sent because one or more contacts has no e-mail address.

    Then, you can delete the message that contains the virus from the Sent Items.

Below is a new, lengthy version in English:


Here is something I learned today. A computer trick today that's really ingenious in its simplicity.

As you may know, when/if a worm virus gets into your computer it heads straight for your email address book and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into YOUR computer, but it will stop it from using your address book to spread further, and it WILL ALERT YOU to the fact that the worm has gotten into your system.

Here's what you do:

first, open your address book and click on "new contact" just as you would do if you were adding a new friend to your list of email addresses.

In the window where you would type your friend's first name, type in !000 (that's an exclamation mark followed by 3 zeros).

In the window below where it prompts you to enter the new email address, type in "WormAlert". Then complete everything by clicking add, enter, ok, etc.

Now, here's what you've done and why it works: the "name" !000 will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends. But when it tries to send itself to !000, it will be undeliverable because of the phony email address you entered (WormAlert). If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected.

Here's the second great advantage of this method: if an email cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an email telling you that an email addressed to WormAlert could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it!

Be a responsible email user and do this.

New Version, which adds a new twist:

HOW TO PROTECT YOUR ADDRESS BOOK:

I learned a computer trick today that's really ingenious in it simplicity. As you may know, when/if a worm virus gets into your computer it heads straight for your email address book, and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact, that the worm has gotten into your system.

Here's what you do: first, open your address book and click on "new contact" just as you would do if you were adding a new friend to your list of email addresses. In the window where you would type your friend's first name, type in AAAAAAA. In the window below where it prompts you to enter the new email address, type in WormAlert@somewhere.com . Then complete everything by clicking add, enter, ok, etc.

Now, here's what you've done and why it works: The "name" AAAAAAA will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends. But when it tries to send itself to AAAAAAA, it will be undeliverable because of the phony email address you entered (WormAlert@somewhere.com). If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected.

Here's the second great advantage of this method: If an email cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an email telling you that an email addressed to WormAlert@somewhere.com could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it! Pretty neat, huh?

If everybody you know does this then you needn't ever worry about opening mail from friends. Pass this on to all your friends.

What's the twist? Simply that wormalert@somewhere.com is a valid and functioning e-mail address. The company 'Somewhere' does exist, and therefore someone has taken this hoax and turned it into a targeted Spam attack. 

Here's part of the response you will get from WormAlert@Somewhere.com if you send an e-mail to it:

In reply to a message from "xyz" <xyz@test.com>. Over 70,000 auto-replies sent in the past month.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

You are receiving this message because you either sent mail to the address wormalert@somewhere.com, OR someone sent mail to you and a copy to wormalert@somewhere.com. We are trying to stop this hoax, and this is the best way we can think of to do that. This is an automatic reply message, however we will read any replies to this message.

There is a message traveling around advising people that they should add an entry called "wormalert@somewhere.com" to their address book and give it the name "AAAAAA". This (so the rumour goes) will allow them to detect when they get a virus, because the virus will send mail to that address first, they'll get the bounce, and then they'll know that they have a virus and can stop it. The message sometimes even claims the bogus address will somehow "stop" the virus from spreading.

This is a hoax, it does not work. In fact, the wormalert address receives hundreds of viruses every day--all from people who put it in their address book because they thought it would protect them.

1. If a virus has infected your computer, it's too late. Even if you did see the bounce, the virus has already had time to send to everyone in your address book and fully infect your computer. Time to run a virus disinfectant if you are lucky, restore from backups if you are not.

2. Most viruses don't scan your address book in alphabetical order.

3. A false address is not going to keep a virus from sending messages to every other address. There are two kinds of "bad" addresses. An address may be malformed or it may refer to an account that doesn't exist. A virus will ignore the first kind, and the second kind will eventually send back an error message which you may or may not read. Neither will stop a virus, and the bounce may not show up for hours or days.

4. Most viruses forge the from address (the Klez virus sets it to the address of someone else in your address book). You may well have had people complain that you sent them a virus when you didn't--that's why. But this means that the virus may not bounce back to you, the error message may go to someone else in your address book along with a copy of the virus.

What you are seeing is the creation of a computer superstition. It's not surprising, the internet doesn't come with a manual--there's no good way for you to know what is real and what is not. But putting wormalert in your address book is right up there with using garlic cloves to ward off the plague. And like most superstitions, it's making people ignore the *real* way to combat the problem. False beliefs can be dangerous.

There is absolutely no substitute for anti-virus software. If you run Windows, run anti-virus software. And you *absolutely* must update the virus definitions every week. Not once a year, not once a month. Once a week. If you're paranoid about this (I am), update it once a night. I'd recommend software that automatically updates. Some anti-virus companies are only now making versions that do this for dialup users--check and see if yours does.

If you don't want the hassle of running anti-virus software and constantly checking for virus updates and application updates, I strongly suggest you go buy a Mac. It's not a panacea, but it's a lot easier to manage and there are a *lot* less viruses. I get about 70,000 email messages every year, along with more than 2000 attachments. In 13 years of using a Mac I've been infected by *one* virus, ten years ago. In 20 years of using Unix (e.g. Linux) computers I've had none. The only recent viruses I've received that *could* have infected my computers were Microsoft Word viruses--and those got caught by the anti-virus software. That's not to say I don't run Windows either--but I don't read mail on Windows machines, and I don't put them directly on the internet, it's just not worth the hassle. So, either use a platform that virus writers don't target, or run anti-virus software and keep all of your software up-to-date.

If you really want to help your friends and protect them from viruses, cut and paste the following virus cure and send *it* to everyone in your address book.

****** How to Protect Yourself from Viruses

1. Run anti-virus software and update the virus descriptions weekly. 2. Check weekly or monthly for security updates to your OS, email, browser, and office applications. (Microsoft, Apple and the Linux vendors all provide automatic mechanisms to do this--use them). 3. Backup your computer. 4. Relax, you've done everything you can--time to forward some more jokes. :-) ******

For more information about who we are (so you can see if *this* message is telling the truth) see http://consulting.somewhere.com/. I run Somewhere.Com, an internet development consulting company (web development, programming, security and the like). This isn't an ad, I just want you to be able to verify that this isn't yet another hoax. You can also search for my name on the internet to find out who I am. If you're really curious, Google Groups has postings of mine going back to 1983 or so. You'll notice that the hoaxes you recieve in email seldom give you a place to go and confirm them, let alone attach a name you can easily track down and verify.

** This is an automated reply to a message sent to wormalert@somewhere.com ** ** To communicate with a human, send mail to wormalert-admin@somewhere.com ** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: For info see http://www.gnupg.org

iD8DBQE9B9mmJmw993D6vYIRAkDuAKC4KazQyc1RGY/FpLJoGa8pTjRJNwCfSvMQ CAqB1wD0JAu9mP6tBiz8MyU= =tAyh -----END PGP SIGNATURE-----

Please don't rely on this "trick", in most cases it won't work, don't forward this Hoax on to other people- delete it.  Instead of using this trick, try Installing the latest Microsoft patches for Outlook as you will get better protection, and/or use a good up-to-date anti-virus product.

 

The contents of all pages [and other material] on our site are copyright Martin Overton 1997-2007, or other stated author. All rights are reserved.
Reproduction, transfer, distribution or storage of part, or all of the contents in any form without the prior written permission of Martin Overton or the Copyright owner is prohibited.