Date:         Fri, 21 Dec 2001 02:12:15 -0500
Sender:       The Internet TourBus - A virtual tour of cyberspace
From:         Bob Rankin 
Subject:      TOURBUS - 20 Dec 01 - SULFNBK: The Un-Virus
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
               TOURBUS Volume 7, Number 41 -- 20 Dec 2001
    _________ ____________ ________ __________ _____________ ___ _
   /         |            /        |          |             /   | \
  |         LONG DISTANCE CALLS For Just 5 CENTS a Minute  /    |  \
  |__________|__________/__________|__________|___________/_____|   \
 /                                                              |----\
|   Sign up for IDT Long Distance and get long distance calls   |////|
| anywhere in the continental US for just 5 CENTS A MINUTE.     |////|
| All day, every day - not just nights and weekends, like other |////|
| carriers. No other major carrier has a better flat rate plan. |////|
| Not AT&T, not Sprint, not MCI. Sign up now, it only takes two |////|
| minutes.  If you are not satisfied you can cancel anytime.    |////|
|                                                               |////|
|         |////|
|    IDT Long Distance - CLICK for Info                     |////|
       /   \  /   \                                             /   \
       \___/  \___/  T h e   I n t e r n e t   T o u r B u s    \___/
        SIX YEARS of Searchable Archives at !
Howdy, y'all, and greetings from Patrick in beautiful Irvine,
California, the northern end of the Earth's axis, lying in the
Arctic Ocean, about 450 miles north of Greenland..  :P
TOURBUS is supported by our wonderful sponsors.  Please visit today's
sponsors, do some holiday shopping, and say thanks for keeping the Bus
   Micro-Lights are the BRIGHTEST flashlights for their size in the
   world.  You'll LOVE having reliable incredibly bright light for any
   situation - in the car, dark doorways, power failures - 120 hours
   on a single lithium battery!  Micro-Lights are SMALL... clip to your
   key chain, or keep it in your pocket or purse.  Carry a Micro-Light
   for a week and you'll NEVER go anywhere without it.  Micro-Light
   owners love 'em: "They are COOL!  I'm ordering 4 more with Accessory
   Kits to give away as gifts."  SHIPPING IS FREE IN THE USA!
On with the show ...
The Return of the SULFNBK.EXE Virus Hoax
Do you remember the "honor system" virus?  It was a joke that was
passed around the Internet last summer:
   This virus works on the honor system.
   Please forward this message to everyone you know, then delete all
   the files on your hard disk.
   Thank you for your cooperation
Well, a few months ago a nefarious netizen took the "honor system"
virus joke, rewrote it, and created an equally fake virus warning that
many newbies have taken seriously.  The new warning asks you to scan
your hard drive for a file named SULFNBK.EXE and, if you find it, to
delete it from your system.

What the virus warning fails to tell you is that SULFNBK.EXE is *NOT*
a virus, it is a Windows utility used to restore long file names in
the case of a catastrophic crash.  DON'T DELETE THIS FILE, FOLKS.
Fortunately, SULFNBK.EXE isn't an *essential* Windows file -- you can
actually live with out it -- but you'll never catch *ME* saying that
out loud.  Why let the newbies off the hook so easily when this is
such a wonderful "teachable moment?"  :P
Long story short: if someone sends you an email that asks you to do
*ANYTHING* -- invest money, sign an online petition, warn your friends
about a new virus threat, delete files from your Windows system
folder, forward information to everyone you know, yadda yadda yadda --
take two seconds to verify the contents of the email before you do
ANYTHING!  It is so simple to do, and it keeps you from making a fool
of yourself in front of the entire planet.
For example, a simple search at 
for "SULFNBK.EXE" results in 13,800 hits, and EVERY ONE of the first
10 hits shows you that that the SULFNBK.EXE virus warning is a hoax
(and the sixth hit is actually a page at my Web site,,
telling you how to restore SULFNBK.EXE in case you were foolish enough
to delete it.)  Two seconds of work and you keep from damaging your
By the way, another great hoax-debunking resource is The Urban Legend
Combat Kit at .
This page shows you, step-by-step, how to create an urban legend
search bookmarklet, in effect automatically adding a free urban legend
search tool to your favorite Web browser.
Finally, if you want to know everything you could possibly want to
know about the SULFNBK.EXE virus hoax, check out .
Microsoft Uber-Patch for IE 5.5 SP2 and 6.0
Something that *ISN'T* a hoax, however, is the fact that Microsoft
Internet Explorer has recently been plagued with over a dozen rather
severe security holes.  We have talked about most of these security
holes -- and how to patch them -- in previous TOURBUS posts.
Earlier this week Microsoft released a "cumulative patch that, when
installed, eliminated all previously discussed security
vulnerabilities affecting IE 5.5 and IE 6.  In addition, it eliminates
three newly discovered vulnerabilities."
Microsoft considers this patch to be critical and recommends that all
"[c]ustomers using IE should install the patch immediately," partly
because of the severity of the three newly discovered vulnerabilities
that the patch eliminates.
This patch is only for Windows-based versions of Internet Explorer. If
you have a PC, you *NEED* this patch.  If you have a Mac, you don't
need this patch -- these security hole exist only in the Windows
versions of Internet Explorer.
You can download Microsoft's uber-patch at
If that address doesn't work, you can find a link to the uber-patch on
my main homepage at .
By the way, Microsoft no longer supports *ANY* PC versions of Internet
Explorer other than IE 5.5 SP2 and IE 6.  From what I can gather, many
of the security holes that this uber-patch fixes exist in older
versions of Internet Explorer, but this patch will not update those
older browsers.  If you have an older, unsupported browser and try to
download the patch, Microsoft will ask you to update your browser
first, either by downloading a service pack for Internet Explorer 5.5
or upgrading to Internet Explorer 6.  [If I were you, I'd skip the
service pack and upgrade to 6.]
Once you have upgraded your browser to IE 5.5 SP2 or IE 6, you'll need
to download and install the uber-patch.
Happy holidays.  :P
Fear and Loathing in Beautiful Downtown Irvine
Considering that I am 6'6" (1.98 m) tall and I survived cancer 11
years ago, there isn't much that frightens me.  But one of the new
vulnerabilities in Internet Explorer (which the patch eliminates)
scares the living hell out of me.
According to Microsoft's Security Bulletin,
    ... if an attacker altered the HTML header information in a
    certain way, it could be possible to make IE believe that an
    executable file was actually a different type of file -- one that
    it is appropriate to simply open without asking the user for
    confirmation.  This could enable the attacker to create a web
    page or HTML mail that, when opened, would automatically run an
    executable on the user's system.
Wait, it gets worse.  John Pescatore, an analyst at Gartner, predicts
    The odds are high that a worm that uses a Nimda-like approach and
    that looks to exploit unpatched systems will be launched by the
    end of 1Q02.
    [from ]
So, in other words, if you use Internet Explorer on a PC and *DON'T*
download and install the uber-patch, there is a not-so-insignificant
chance that you will soon visit an evil Web site or receive an HTML-
formatted email that will, in the words of Microsoft's Security
    enable an attacker to potentially run a program of her choice on
    [your computer].  Such a program would be capable of taking any
    action that [you] could take on [your] machine, including adding,
    changing or deleting data, communicating with web sites, or
    reformatting the hard drive.
And, since this attack will come in the form of an executable file and
not a virus, your antivirus program probably won't protect you.
But that isn't what frightens me.  What frightens me is that, despite
the fact that 80% of the Internet-surfing population uses Internet

Well, at least everyone on our little bus of Internet happiness knows
about Microsoft's uber-patch and can protect themselves from the
coming storm.  :)
That's it for this week.  Have a safe and happy holidays and we'll
talk again soon.
AFAR (Noun).  A conflagration.
    In a small Southern town there was a "Nativity Scene" that showed
    great skill and talent had gone into creating it.  One small
    feature bothered me.  The three wise men were wearing firemen's
    Totally unable to come up with a reason or explanation, I left.
    At a "Quick Stop" on the edge of town, I asked the lady behind
    the counter about the helmets.
    She exploded into a rage, yelling at me, "You damn Yankees never
    do read the Bible!"
    I assured her that I did, but simply couldn't recall anything
    about firemen in the Bible.
    She jerked her Bible from behind the counter and ruffled through
    some pages, and finally jabbed her finger at a passage.
    Sticking it in my face she said "See, it says right here, 'The
    three wise man came from afar.'"
You can find all of the old Southern Words of the day at 
Questions or comments about the Southern Word of the Week should be
addressed to (Patrick Crispen, University of
Alabama ('98)).
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved
=====================[ Tourbus Rider Information ]===================
    The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
      Copyright 1995-2001, Crispen & Rankin - All rights reserved
  Help the hungry, poor and sick - for free!
       Subscribe, Signoff, Archives, Free Stuff and More at the
               Tourbus Website -

TOURBUS - 20 DEC 01 - SULFNBK: The Un-Virus, viruses, hoaxes, urban legends, search engines, cookies, cool sites
TOURBUS Site Search