Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Will adding a bogus entry to my address book stop viruses from emailing?

Question:

“[Long description of the technique adding a bogus email address to
the beginning of your address book omitted] … But, when it tries to
send itself to AAAAAAA@AAA.AAA it will be undeliverable because of the
phony email address you entered. If the first attempt fails (which it
will because of the phony address), the worm goes no further and your
friends will not be infected.”

Will this work Leo?

No.

Flat out, no qualifications, no. Does no harm but does no good.

OK, it might do some harm, in a backhanded way.

]]>

The theory is that malware which sends email does so by using your address book, and as it walks through your address book it will stop trying as soon as it encounters a failure to send. The technique then is to create an entry alphabetically first in your address book that any malware would encounter immediately, causing it to fail and go no further.

The theory is wrong.

In short:

“You may think that you’ve taken a step to protect yourself when you haven’t.”
  • Most malware no longer bothers with your address book, so doing anything to your address book is not nearly as effective as you might think.

  • Any malware that does use your address book may or may not do it in alphabetical order.

  • Any malware that does use your address book isn’t going to stop on a single error. It’s going to plow through no matter what.

Perhaps there was a virus that behaved this way many, many years ago, but malware has gotten very sophisticated. Simplistic solutions like this simply aren’t going to have any noticeable effect. You’re just as vulnerable before as after.

Speaking of vulnerable, I did say it might do some harm, didn’t I? Here’s how…

You may think that you’ve taken a step to protect yourself when you haven’t. You may then think you don’t need to take additional steps, when in fact you still do.

You might fool yourself into making yourself a bigger target.

Don’t do that.

There is simply no substitute for taking the steps necessary to protect yourself from malware. The “usual litany”:

  • Get behind a firewall

  • Keep software up to date

  • Use up to date anti-malware tools

  • Don’t open attachments you aren’t expecting, or aren’t 100% certain are safe

  • Don’t visit “questionable” websites

The list could go on, but those are the basics.

And you’ll notice that putting a bogus entry in your address book isn’t on it.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

2 comments on “Will adding a bogus entry to my address book stop viruses from emailing?”

  1. OK so adding the bogus email will not stop the malware, but the email server will bounce the email back, which indicates that you have a problem?

    Maybe, but I get so many bogus bounces every day it would get lost in the noise. And there’s no guarantee that the virus isn’t spoofing the from address so you wouldn’t get the bounce. This is not a useful fix, spend your time on prevention instead.

    – Leo
    07-May-2009
    Reply
  2. But if it does try to send it out, won’t you then be notified that it failed? I did this too, and then as a trial I sent it out, only to have my email program (outlook) immediately send me a notice that it failed. So it seems like it would work at least as a notification that something is wrong. Sometimes people you know get infected and send something infected. Just a thought.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.