Korova Multimedia

Up to the "Hoax du Jour" home page
(home page)

Updated info!

Finjan Alert

WIRED news (2/25)

Public links to this specific article:
Also: this page, print-friendly

Got a question? Try
"The FAQ du Jour"

Previous "Hoax du Jour" columns

The "Hoax du Jour" Index

A More Wretched Hive of Scum & Villainy

Children's Crusade

Lingering Misinformation

Viral marketing is Now.

The Grinch is Real

Call Now!
(Int'l phone scams)

"You're Never Gonna Believe This..."

The Word Macro Spam 'Bot

Calls to Overreaction

Remote Explorer of My Eye

Internet Access Charges & Taxation

The Fear of AIDS (Needles)

Toxic Tampons

Death Threats and Disney Trips

The AOL Hacker Riot II

The "90# Phone Scam" Alert

E-j-mail Extortion

Phone Slamming

AOL Cookie

Click here for the "Hoax du Jour" top-level page.

Related topic: you know what e-mail is. But do you know what "e-v-mail" is?

Related topic: rate your own Internet alert (or just-received warning from a well-meaning friend) against the Korova Drop-dead Internet Alert guide.

Computer virus protection If you're not using anti-virus software, you need to consider getting some, and soon. Click here to choose some from Amazon.com. If you're connected to the Internet with an "always on," broadband connection (cable modem or DSL), consider getting some firewall software, or a hardware solution for your entire home network.

About the "Hoax du Jour"

The "Hoax du Jour" is a recurring column providing updated information and commentary on the Internet community. It is a feature of Korova Multimedia's "e-v-mail" page.

What is a "hoax du jour?" With the advent of widespread use of the Internet as a medium for sharing information, the phenomenon of sharing misinformation has exploded. Conventional urban folklore and propaganda have blossomed on the Internet. Intentionally misleading information is broadcast on a professional and personal level.

On the Web, misinformation wants to be free. It also likes to be free of authenticity and corroboration, when such grounding deflates the credibility of the content.

The result? Naive users of the Internet are subjected to a daily barrage of data that are erroneous, slanderous, and sometimes even destructive. This page is dedicated to discussing intentional misinformation, or 'Net hoaxes.

Disclaimer The opinions expressed here are entirely my own, and do not reflect policy or intentions of any persons, groups or companies referred to or linked from this site. I, my guest writers, or Korova Multimedia are not responsible for content or sites linked to from the "Hoax du Jour" column.

Kudos and links for
the "Hoax du Jour"

("Best of the Net")

Computer Virus Myths

The Curse of a Thousand Chain Letters

Lycos Guide: Urban Legends
(Top Rated Site)

The Motley Fool
("striking a blow for rationality")

(March, 2001)

("three stars")

Also on Korova.com

Clean the hoax-y taste from your mouth with Nonstop Anonymous Monotonous Onomatopoeia, just for fun.

Get a fresh perspective with Korova Truth.

Think outside, way outside, of the box at ChromeJob.com.

Other anti-hoax resources

Korova Multimedia: "e-v-mail"

Rob Rosenberger:
Computer Virus Myths

DoE CIAC - Hoaxbusters

Barbara Mikkelson:
Urban Legends Reference Pages

David Emery:
About.com guide to Urban Legends & Folklore

HoaxKill Service

Urban legend and computer security books

by Jan Harold Brunvand
Click to order this title from Amazon.com
The Baby Train
The Choking Doberman
Curses! Broiled Again!
The Mexican Pet
The Truth Never Stands In The Way Of A Good Story

Computer Security Basics (O'Reilly)

... or search Amazon.com for more books about hoaxes and urban legends...

Sponsor links:

February 27, 2000     

Viral marketing is Now.

On April 1, 1999, I discussed a concept of "viral marketing," suggested by Sunil Paul (CEO of Bright Light Technologies). Mr. Paul suspected that, in the future, a viral worm like W97m/Melissa could be used for marketing purposes. I countered that this would only be possible if the marketing message were inserted into users' e-mail directly, thereby removing the possibility that a "market 'bot" attachment weren't opened.

GoHip.com logo

Ta-da! Less than a year later, the inevitable has happened. An inethical web site called GoHip.com has released a program that, when downloaded to Windows computers, will essentially insert the web site's promotional signature line (sigline) into every outgoing e-mail (provided the user sends messages with the Outlook mail client) afterwards. For inexperienced users who aren't familiar with configuring their systems, GoHip practically hijacks their computer and turns them into unwilling marketing dupes.

The free download that handcuffs users.

As reported in WIRED and other online news sources, Finjan software issued a "Malicious code alert" on February 17 about a free download offered by the GoHip.com web site, a "video browser enhancement." The enhancement doesn't seem to perform anything remotely like its promised results, but Finjan confirmed that the downloaded file delivers quite another payload than the site promises.

Malicious Code Alert: Gohip Freevideo
Finjan Software; February 17, 2000

... During installation, users may agree to the terms of the notice and not read all the fine print of the notice which accompanies the installation. This process includes changing the user’s default home page and search default to gohip.com pages, but does not mention everything the program will do.

Once accepted, an executable file is copied to the system named “download.exe” and executed automatically. This file modifies certain files on the local system such as the default e-mail signature for Microsoft Outlook. In the Windows startup folder, a file named “winstartup.exe” is created which performs the reinstallation of components each time Windows is started.

The user’s default personal e-mail signature is modified with this “commercial” for gohip.com:

Click here for Free Video!!

The downloaded program from GoHip.com also changes the default home page, and default search page, for the user's web browser. But wait -- there's more. The reversal instructions on the GoHip.com site indicate that the program may even alter the default WordMail (using Microsoft Word with Outlook) template. This is particularly injurious, since most users will not know how to restore this setting. (The GoHip instructions, as of 2/27/2000, are not specific; I've archived a dated copy here on my site for authenticity.)

Technically, we might not call the GoHip.com download a "Trojan," since the user agreement discloses at least some of these changes, and the user can only proceed upon accepting these changes. Still, Finjan claims that the GoHip user agreement DID NOT disclose all the changes that the downloaded program performed.

Further consternation results from the download boasting certification by Verisign. Verisign, to their credit, asserts that their seal only assures the user that the file is a true and correct download from GoHip, and not an assurance that what is downloaded will not perform additional, mischievious functions.

Let the promotions begin.

I have to split hairs with Finjan about GoHip's ActiveX script being "malicious code." It does no real "harm" to the user's computer, only abuses user naivete. It turns home users' computers into GoHip.com marketing spam engines, but that's not the same as crippling their programs and destroying their data. The program does not disable the computer, or even interfere with normal processing.

But the program acts in a fashion similar to viruses and Trojans, even those mythic bugaboos that phony "virus alerts" warn naive users about. It hijacks the system and uses it to perform functions that perhaps only GoHip is interested in.

That the program is a violation of the Federal Computer Fraud and Abuse Act, I have no doubt -- the program clearly makes changes to a user's computer that the user would not expect, or invite, with a "video browser enhancement." The new e-mail sigline has nothing to do with the words "video," "browser" or "enhancement." Past lessons have taught us that you don't have to be malicious to be a computer criminal.

Legal arguments aside, Sunil Paul's science fiction of 1999 has become the GoHip reality of 2000. Welcome to Cyberspace 2000, baby -- viral marketing is now.


April 6, 2000     

Following all the hubbub about GoHip.com's malicious code, I noted that they had revised their "removal instructions." Their explicit instructions in February (archived here as an example), provided some detailed clues as to WHAT they changed and HOW users could reverse those changes. The new instructions in March invited the user to download YET ANOTHER PROGRAM to reverse the changes. (And as of this date, they'd changed them again (!), shortening the instructions even further.)

Disclosure: the instructions I link to here are on my server, not GoHip's. The only edits I performed were to reference their logo locally, and disable the hyperlinks. Otherwise, the files are the same as I found them on GoHip.com's site.

Now let's think about this. GoHip.com got bad press because their downloaded ActiveX code made unsolicited changes to users' computers. Their solution? Ask users to trust them yet again -- and download an executable. Regardless of their ethics, you've got to admire these guys' chutzpah!

David Spalding

(A flyby of the Korova AWACS to Brian Johnson for sharing this news.)

© Copyright 1999 D.B. Spalding/Korova Multimedia. All rights reserved.







What's new?