Need a little extra time off? Ad campaign offers fake virus attack on your computer's screen.

Mathew J. Schwartz, Contributor

December 2, 2013

Did you party a bit too much over the long Thanksgiving weekend? Still have oodles of holiday shopping to complete? Or maybe you just need a break? Then why not infect your PC with a fake virus and system crash?

That's the pitch behind the Happy Hour Virus, which promises to deliver a full-screen browser page that mimics a kernel panic, broken monitor, or feared blue screen of death, thus making it suitable for use by work-averse Mac OS X, Linux, and Windows users.

Here's how it works, as explained on the website: "Tell your friends you're leaving work, preferably via Facebook or Twitter. Select a screen mode to 'break' your computer... Make frustrated sigh. Exit building."

"We are all better employees if we achieve something called a work-life balance," the virus site reads. "However, pursuing that goal is not always an easy task in today's corporate culture. Please use the Happy Hour Virus to leave work early and enjoy the company of friends, family or co-workers."

Would-be security experts reacted with mock alarm to news of the virus. Paul Ducklin, head of technology for Sophos in the Asia/Pacific region, cited David Ullard, "CYO" of Boulder, Colo.-based productivity and workplace security action group Boulder Online Regulators of Interactive Network Games -- get it? -- as saying: "We expect this problem to peak on Friday afternoons... This is a true cross-platform threat, with modules for Windows, Mac and Linux users, each accessible with just a single click from any major browser."

"Ullard, whose research has revealed that the site uses a command-and-control protocol called HTTP over network port 80, warns that some firewalls already permit this sort of traffic by default," Ducklin said breathlessly in a blog post.

He added that the cross-platform virus could easily be abused by people allergic to work. "Mac users can pretend their Mac has shut down unexpectedly, though we suspect many administrators will see through this ruse, because Macs don't get viruses and thus cannot actually crash at all."

Of course, Ducklin's analysis -- as well as the entity known as "D. Ullard" -- is just an extension of the joke. In fact, as AdWeek first reported, the virus is part of an advertising campaign launched by Boulder-based advertising agency TDA_Boulder. The virus landing page links to an employment application for the agency.

The virus's self-sabotage capabilities might offer some respite from your daily grind. But be forewarned: If your manager -- or information security department -- becomes clued in to the ruse, that job holiday might become permanent.

For experienced PC users, Happy Hour will no doubt hark back to the good old days of DOS games, which excelled at offering fake functionality for the purposes of putting one over on your boss. Indeed, the games' major workplace innovation was the so-called boss button, or boss key, which filled the screen with a fake spreadsheet or other evidence of supposed productivity. Certain games, such as the IBM PC version of "Leather Goddesses of Phobos," took this to comic lengths, for example by populating its spreadsheet with unique cell entries, including adult-themed recreational items such as "inflatable milkman."

In time, boss buttons made the jump to the online realm. In 2008, for example, CBS added a boss button to its NCAA March Madness streaming site, to hide the stream behind a fake spreadsheet. After 2.5 million people clicked on the boss button that year, CBS announced that for 2009, the boss button would have a corporate sponsor.

As in the old boss-button days, after invoking the fake screen, the user can press a designated key -- in the case of the Happy Hour virus, appropriately enough, that's the "escape" button -- to undo any apparent damage. Just don't make the damage permanent by getting caught.

Then again, maybe your boss is using it, too.

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
