Dr Solomon's notice about AOL4FREE Email Hoax and Trojan Horse program

Last Modified: 21 April 1997
Advisory From Dr Solomon's

THE AOL4FREE HOAX AND THE AOL4FREE.COM TROJAN HORSE
---------------------------------------------------
Recently there has been a lot of confusion regarding "AOL4FREE". The
confusion has been generated by two separate events:

1.The distribution of an AOL4FREE hoax message, which was spread via
email and usenet newsgroups. Other hoaxes include Good Times, Irina,
and PenPal Greetings.

2.The distribution of a genuine AOL4FREE.COM trojan horse program which
was spread a few weeks later.


THE HOAX MESSAGE
----------------
The original hoax message which was sent via email claimed there was
an email being distributed with the subject line "aol4free.com". The
hoax went on to claim that "within seconds of opening [the email] a
window appeared and began to display my files that were being
deleted".

Like other hoaxes it is important to point out that a user cannot be
infected or damaged simply by the subject line of an email. An
executable attachment to an email will not 'run' automatically. Like
other hoaxes this message should not be taken at face value.  An
article all about virus hoaxes can be read at our website:
http://www.drsolomon.com/vircen/hoax.html

THE AOL4FREE.COM TROJAN HORSE
-----------------------------
The AOL4FREE.COM trojan horse displays a message listing the
directories on your hard drive it is deleting and may be followed by
an obscene message.

A Trojan Horse is a program that deliberately does unpleasant things,
as well as (or instead of) its declared function. They are not capable
of spreading themselves and rely on users copying them. Because trojan
horses do not replicate they are not viruses and are not frequently
encountered.

It seems highly likely that this trojan horse was written as a
response to the original hoax warning in an attempt to confuse
computer users.

Please note: it does not attack users via use of the subject line of
the email. The only way users can be damaged by this trojan is (like
any other trojan) if they decide to run it.

We do not believe this trojan horse is particularly common.

We have an extra driver available to add detection of this trojan
horse to Dr Solomon's Anti-Virus Toolkit. To download this free
driver, go to http://www.drsolomon.com/vircen/aol4free.html

_______________________________________________________________
Advisory From Dr Solomon's

Web    : http://www.drsolomon.com/  CServe : GO DRSOLOMON  
FTP    : ftp.drsolomon.com          E-Mail : info@drsolomon.com
Last updated: Friday, 20-Nov-1998 11:19:28 EST.
University of Michigan Virus Busters - virus.busters@umich.edu