California Educational Data Processing Association |
|
The DataBus - Vol. 36, No. 3
|
Addison Ching
Dr. Robert Jones, Senior Microcomputer Consultant for the Los Angeles County Office of Education submits the following information about the "Good Times" virus hoax that perennially plagues the Internet.
"I downloaded from the net a few of the notices on this hoax which included the CERT advisory. The text below appears to be the original CIAC bulletin. The author is now with Cisco."
CIAC has also seen other variations of this hoax, the main one is that any electronic mail message with the subject line of "xxx-1" will infect your computer.
This rumor has been spreading very widely. This spread is due mainly to the fact that many people have seen a message with "Good Times" in the header. They delete the message without reading it, thus believing that they have saved themselves from being attacked. These first-hand reports give a false sense of credibility to the alert message.
There has been one confirmation of a person who received a message with "xxx-1" in the header, but an empty message body. Then, (in a panic, because he had heard the alert), he checked his PC for viruses (the first time he checked his machine in months) and found a pre-existing virus on his machine. He incorrectly came to the conclusion that the E-mail message gave him the virus (this particular virus could NOT POSSIBLY have spread via an E-mail message). This person then spread his alert.
As of this date, there are no known viruses which can infect merely through reading a mail message. For a virus to spread some program must be executed. Reading a mail message does not execute the mail message. Yes, Trojans have been found as executable attachments to mail messages, the most notorious being the IBM VM Christmas Card Trojan of 1987, also the TERM MODULE Worm (reference CIAC Bulletin B-7) and the GAME2 MODULE Worm (CIAC Bulletin B-12). But this is not the case for this particular "virus" alert.
If you encounter this message being distributed on any mailing lists, simply ignore it or send a follow-up message stating that this is a false rumor. Karyn Pichnarczyk CIAC Team
Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way in a text email message with the subject line reading "Good Times". Avoiding infection is easy once the file has been received- NOT READING IT! The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute.
The program is highly intelligent-it will send copies of itself to everyone whose e-mail address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on. The bottom line here is - if you receive a file with the subject line "Good Times", delete it immediately! Do not read it!. Rest assured that whoever's name was on the "From" line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.
Bob suggests that there is a very good review of the hoax and related issues and questions posted at the following sites:
ftp://usit.net/pub/lesjones/good-times-virus-hoax-faq.txt
http://www.usit.net/public/lesjones/goodtimes-faq.html
http://users.aol.com/macfaq/goodtimes-faq.html
A FAQ is also available on CEDPA's web site.