Got a question? Try
Previous "Hoax du Jour" columns
Related topic: you know what e-mail is. But do you know what "e-v-mail" is?
Related topic: rate your own Internet alert (or just-received warning from a well-meaning friend) against the Korova Drop-dead Internet Alert guide.
Computer virus protection If you're not using anti-virus software, you need to consider getting some, and soon. Click here to choose some from Amazon.com. If you're connected to the Internet with an "always on," broadband connection (cable modem or DSL), consider getting some firewall software, or a hardware solution for your entire home network.
The "Hoax du Jour" is a recurring column providing updated
information and commentary on the Internet community. It is a feature of
Korova Multimedia's "e-v-mail" page.
Computer Virus Myths
The Curse of a Thousand Chain Letters
Lycos Guide: Urban Legends
The Motley Fool
Clean the hoax-y taste from your mouth with Nonstop Anonymous Monotonous Onomatopoeia, just for fun.
Get a fresh perspective with Korova Truth.
Think outside, way outside, of the box at ChromeJob.com.
by Jan Harold Brunvand
February 27, 2000
Malicious Code Alert: Gohip Freevideo
The downloaded program from GoHip.com also changes the default home page, and default search page, for the user's web browser. But wait -- there's more. The reversal instructions on the GoHip.com site indicate that the program may even alter the default WordMail (using Microsoft Word with Outlook) template. This is particularly injurious, since most users will not know how to restore this setting. (The GoHip instructions, as of 2/27/2000, are not specific; I've archived a dated copy here on my site for authenticity.)
Technically, we might not call the GoHip.com download a "Trojan," since the user agreement discloses at least some of these changes, and the user can only proceed upon accepting these changes. Still, Finjan claims that the GoHip user agreement DID NOT disclose all the changes that the downloaded program performed.
Further consternation results from the download boasting certification by Verisign. Verisign, to their credit, asserts that their seal only assures the user that the file is a true and correct download from GoHip, and not an assurance that what is downloaded will not perform additional, mischievious functions.
I have to split hairs with Finjan about GoHip's ActiveX script being "malicious code." It does no real "harm" to the user's computer, only abuses user naivete. It turns home users' computers into GoHip.com marketing spam engines, but that's not the same as crippling their programs and destroying their data. The program does not disable the computer, or even interfere with normal processing.
But the program acts in a fashion similar to viruses and Trojans, even those mythic bugaboos that phony "virus alerts" warn naive users about. It hijacks the system and uses it to perform functions that perhaps only GoHip is interested in.
That the program is a violation of the Federal Computer Fraud and Abuse Act, I have no doubt -- the program clearly makes changes to a user's computer that the user would not expect, or invite, with a "video browser enhancement." The new e-mail sigline has nothing to do with the words "video," "browser" or "enhancement." Past lessons have taught us that you don't have to be malicious to be a computer criminal.
Legal arguments aside, Sunil Paul's science fiction of 1999 has become the GoHip reality of 2000. Welcome to Cyberspace 2000, baby -- viral marketing is now.
April 6, 2000
Following all the hubbub about GoHip.com's malicious code, I noted that they had revised their "removal instructions." Their explicit instructions in February (archived here as an example), provided some detailed clues as to WHAT they changed and HOW users could reverse those changes. The new instructions in March invited the user to download YET ANOTHER PROGRAM to reverse the changes. (And as of this date, they'd changed them again (!), shortening the instructions even further.)
Disclosure: the instructions I link to here are on my server, not GoHip's. The only edits I performed were to reference their logo locally, and disable the hyperlinks. Otherwise, the files are the same as I found them on GoHip.com's site.
Now let's think about this. GoHip.com got bad press because their downloaded ActiveX code made unsolicited changes to users' computers. Their solution? Ask users to trust them yet again -- and download an executable. Regardless of their ethics, you've got to admire these guys' chutzpah!
(A flyby of the Korova AWACS to Brian Johnson for sharing this news.)