The !0000 Hoax originally started
circulating in the Netherlands. The e-mail content contains a
"trick" how to prevent/stop mass-mailing routines used by
e-mail aware malware.
The suggestion is to set up a dummy !0000
(or others, such as AAAAA) e-mail
contact address in your Outlook or Windows address book, but without an
actual (real) e-mail address. This would, it is claimed, then cause the
e-mail to fail when accessed by an e-mail aware piece of malware.
This trick might work in a few instances,
however, it won't stop the vast majority of the e-mail aware
Here is a copy of the original Dutch version that
was going around:
Hierbij een handigheidje dat voorkomt
dat een (eenmaal bij je binnengedrongen) virus zich verspreid over
alle kennissen die in je adressenboek staan. Maak, in je
adressenboek, een nieuwe contactpersoon aan met de naam :!0000 en
zet daar geen emailadres bij. Deze fictieve contactpersoon zal nu
helemaal bovenaan in je adressenboek staan. Als nu een virus
probeert zichzelf te verspreiden via jouw adressenboek, dan zal je
computer de foutmelding geven: "Dit bericht kan niet verstuurd
worden, omdat een of meer contactpersonen geen geldig email-adres
heeft. Controleer uw adressenboek en zorg ervoor dat alle
contactpersonen een geldig email-adres hebben." Je klikt dan op
'OK'. Het virus wordt dan niet verzonden en je adressenboek is nog
in orde. Het virus zal opgeslagen worden in je postvak uit (of
'drafts' als je hotmail gebruikt). Ga daar naar toe en verwijder het;
ga dan naar je 'prullenbak' en verwijder het daar ook. Je hebt nu
wel voorkomen dat het virus zichzelf verspreidt via je adressenboek,
maar je moet nu nog wel zorgen dat je zelf het virus kwijtraakt !!
Below is a roughly translated English version of
In order to avoid a virus dissemination
by e-mail, add a contact to your address book named !0000 without
This contact will appear first at your
If a virus tries to send itself to all
your contacts it will cause an error message to be displayed, saying
that the message couldn't be sent because one or more contacts has
no e-mail address.
Then, you can delete the message that
contains the virus from the Sent Items.
Below is a new, lengthy version in English:
Here is something I learned today. A computer trick today that's
really ingenious in its simplicity.
As you may know, when/if a worm virus
gets into your computer it heads straight for your email address
book and sends itself to everyone in there, thus infecting all your
friends and associates. This trick won't keep the virus from getting
into YOUR computer, but it will stop it from using your address book
to spread further, and it WILL ALERT YOU to the fact that the worm
has gotten into your system.
Here's what you do:
first, open your address book and click
on "new contact" just as you would do if you were adding a
new friend to your list of email addresses.
In the window where you would type your
friend's first name, type in !000 (that's an exclamation mark
followed by 3 zeros).
In the window below where it prompts you
to enter the new email address, type in "WormAlert". Then
complete everything by clicking add, enter, ok, etc.
Now, here's what you've done and why it
works: the "name" !000 will be placed at the top of your
address book as entry #1. This will be where the worm will start in
an effort to send itself to all your friends. But when it tries to
send itself to !000, it will be undeliverable because of the phony
email address you entered (WormAlert). If the first attempt fails
(which it will because of the phony address), the worm goes no
further and your friends will not be infected.
Here's the second great advantage of
this method: if an email cannot be delivered, you will be notified
of this in your InBox almost immediately. Hence, if you ever get an
email telling you that an email addressed to WormAlert could not be
delivered, you know right away that you have the worm virus in your
system. You can then take steps to get rid of it!
Be a responsible email user and do this.
New Version, which adds a new twist:
HOW TO PROTECT YOUR ADDRESS BOOK:
I learned a computer trick today that's
really ingenious in it simplicity. As you may know, when/if a worm
virus gets into your computer it heads straight for your email
address book, and sends itself to everyone in there, thus infecting
all your friends and associates. This trick won't keep the virus
from getting into your computer, but it will stop it from using your
address book to spread further, and it will alert you to the fact,
that the worm has gotten into your system.
Here's what you do: first, open your address
book and click on "new contact" just as you would do if
you were adding a new friend to your list of email addresses. In the
window where you would type your friend's first name, type in
AAAAAAA. In the window below where it prompts you to enter the new
email address, type in WormAlert@somewhere.com . Then complete
everything by clicking add, enter, ok, etc.
Now, here's what you've done and why it
works: The "name" AAAAAAA will be placed at the top of
your address book as entry #1. This will be where the worm will
start in an effort to send itself to all your friends. But when it
tries to send itself to AAAAAAA, it will be undeliverable because of
the phony email address you entered (WormAlert@somewhere.com). If
the first attempt fails (which it will because of the phony
address), the worm goes no further and your friends will not be
Here's the second great advantage of this
method: If an email cannot be delivered, you will be notified of
this in your InBox almost immediately. Hence, if you ever get an
email telling you that an email addressed to WormAlert@somewhere.com
could not be delivered, you know right away that you have the worm
virus in your system. You can then take steps to get rid of it!
Pretty neat, huh?
If everybody you know does this then you
needn't ever worry about opening mail from friends. Pass this on to
all your friends.
What's the twist? Simply that email@example.com
is a valid and functioning e-mail address. The company 'Somewhere' does
exist, and therefore someone has taken this hoax and turned it into a
targeted Spam attack.
Here's part of the response you will get from WormAlert@Somewhere.com
if you send an e-mail to it:
In reply to a message from "xyz"
<firstname.lastname@example.org>. Over 70,000 auto-replies sent in the past
-----BEGIN PGP SIGNED MESSAGE----- Hash:
You are receiving this message because you
either sent mail to the address email@example.com, OR someone
sent mail to you and a copy to firstname.lastname@example.org. We are
trying to stop this hoax, and this is the best way we can think of
to do that. This is an automatic reply message, however we will read
any replies to this message.
There is a message traveling around advising
people that they should add an entry called "email@example.com"
to their address book and give it the name "AAAAAA". This
(so the rumour goes) will allow them to detect when they get a
virus, because the virus will send mail to that address first,
they'll get the bounce, and then they'll know that they have a virus
and can stop it. The message sometimes even claims the bogus address
will somehow "stop" the virus from spreading.
This is a hoax, it does not work. In fact,
the wormalert address receives hundreds of viruses every day--all
from people who put it in their address book because they thought it
would protect them.
1. If a virus has infected your computer,
it's too late. Even if you did see the bounce, the virus has already
had time to send to everyone in your address book and fully infect
your computer. Time to run a virus disinfectant if you are lucky,
restore from backups if you are not.
2. Most viruses don't scan your address book
in alphabetical order.
3. A false address is not going to keep a
virus from sending messages to every other address. There are two
kinds of "bad" addresses. An address may be malformed or
it may refer to an account that doesn't exist. A virus will ignore
the first kind, and the second kind will eventually send back an
error message which you may or may not read. Neither will stop a
virus, and the bounce may not show up for hours or days.
4. Most viruses forge the from address (the
Klez virus sets it to the address of someone else in your address
book). You may well have had people complain that you sent them a
virus when you didn't--that's why. But this means that the virus may
not bounce back to you, the error message may go to someone else in
your address book along with a copy of the virus.
What you are seeing is the creation of a
computer superstition. It's not surprising, the internet doesn't
come with a manual--there's no good way for you to know what is real
and what is not. But putting wormalert in your address book is right
up there with using garlic cloves to ward off the plague. And like
most superstitions, it's making people ignore the *real* way to
combat the problem. False beliefs can be dangerous.
There is absolutely no substitute for
anti-virus software. If you run Windows, run anti-virus software.
And you *absolutely* must update the virus definitions every week.
Not once a year, not once a month. Once a week. If you're paranoid
about this (I am), update it once a night. I'd recommend software
that automatically updates. Some anti-virus companies are only now
making versions that do this for dialup users--check and see if
If you don't want the hassle of running
anti-virus software and constantly checking for virus updates and
application updates, I strongly suggest you go buy a Mac. It's not a
panacea, but it's a lot easier to manage and there are a *lot* less
viruses. I get about 70,000 email messages every year, along with
more than 2000 attachments. In 13 years of using a Mac I've been
infected by *one* virus, ten years ago. In 20 years of using Unix
(e.g. Linux) computers I've had none. The only recent viruses I've
received that *could* have infected my computers were Microsoft Word
viruses--and those got caught by the anti-virus software. That's not
to say I don't run Windows either--but I don't read mail on Windows
machines, and I don't put them directly on the internet, it's just
not worth the hassle. So, either use a platform that virus writers
don't target, or run anti-virus software and keep all of your
If you really want to help your friends and
protect them from viruses, cut and paste the following virus cure
and send *it* to everyone in your address book.
****** How to Protect Yourself from Viruses
1. Run anti-virus software and update the
virus descriptions weekly. 2. Check weekly or monthly for security
updates to your OS, email, browser, and office applications.
(Microsoft, Apple and the Linux vendors all provide automatic
mechanisms to do this--use them). 3. Backup your computer. 4. Relax,
you've done everything you can--time to forward some more jokes. :-)
For more information about who we are (so
you can see if *this* message is telling the truth) see http://consulting.somewhere.com/.
I run Somewhere.Com, an internet development consulting company (web
development, programming, security and the like). This isn't an ad,
I just want you to be able to verify that this isn't yet another
hoax. You can also search for my name on the internet to find out
who I am. If you're really curious, Google Groups has postings of
mine going back to 1983 or so. You'll notice that the hoaxes you
recieve in email seldom give you a place to go and confirm them, let
alone attach a name you can easily track down and verify.
** This is an automated reply to a message
sent to firstname.lastname@example.org ** ** To communicate with a human,
send mail to email@example.com ** -----BEGIN PGP
SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: For info see
CAqB1wD0JAu9mP6tBiz8MyU= =tAyh -----END PGP SIGNATURE-----
Please don't rely on this "trick", in
most cases it won't work, don't forward this Hoax on to other people-
delete it. Instead of using this trick, try Installing the latest
Microsoft patches for Outlook as you will get better protection, and/or use
a good up-to-date anti-virus product.