[From ibm.net's Antivirus Online, 24 Feb 97]
                        antivirus online: Naughty Robots
In a slight variant of the usual Good Times sort of rumor, some
electronic pranksters have taken to mass-mailing various scary pieces
of e-mail to anyone whose address appears anywhere on the Net.  One
that was sent to thousands of users in January and February of 1997
contains a warning like this:
        NaughtyRobot exploits a security
        bug in HTTP and has visited your
        host system to collect personal,
        private, and sensitive information.
        It has captured your Email and
        physical addresses, as well as your
        phone and credit card numbers.
It goes on to advise the recipient to "alert your server SysOp, contact
your local police, disconnect your telephone, and report your credit
cards as lost."  The "From" address on the mail is always a forgery;
often it is the same as the "To" address, giving the false impression
that the sender actually has access to the recipient's account.
The letter's advice is, of course, bad.  The sender of the message has
found your electronic address somewhere on the Net; easy to do if
you've ever posted to a newsgroup, put a "mailto" on a Web page that
you own, or even just signed a Web site's "visitor log".  But that's
all they know about you; your local police are not interested, your
telephone is not about to explode, and your credit cards are as safe as
they ever were.
Sadly, there are programs generally available that will, given a
starting Web page and a message, dig through the Web looking for
electronic addresses, and send the message to each one found.  These
are usually (ab)used to send unsolicitied advertising.  In the case of
NaughtyRobot, some prankster decided it would be more fun to scare than
to sell.  As usual, take all such mail with a big grain of salt, and
see our pages on recognizing hoaxes for some good general advice.
And may all your robots be well-behaved...
---
---------------