SR NEWS: GOOD TIMES VIRUS MYTH _________________________________________________________________ THE SO-CALLED "GOOD TIMES" VIRUS IS A HOAX You may receive warnings to avoid email containing "Good Times" in the subject line because it contains a virus. The claim is that merely reading this mail will cause your PC to become infected. Don't worry, this is nothing but a hoax. The U.S. Department of Energy's CIAC (Computer Incident Advisory Capability), America Online, and makers of anti-virus software (including Stiller Research) have declared the "Good Times" virus a hoax. Rest assured, there is no virus that can spread via email. WHAT IS THE GOOD TIMES VIRUS HOAX? The bogus warning is that a virus called Good Times is being carried by email. Reading a message with Good Times in the subject line will spread a virus to your PC. This hoax has gotten very wide-spread distribution. We at Stiller Research get almost daily inquiries from people concerned about this hoax. The original message ended with instructions to "Forward this to all your friends," and many people did just that. This hoax has been on a few occasions reported by the media. These reports have unfortunately given additional credibility to the hoax. Some very large companies and governmental agencies have fallen for the hoax. The original hoax had several collaborators and the hoax messages were planted from multiple people with people sometimes actually claiming to have been infected by the virus. I personally investigated several of these claims and found them to be bogus. There are several forms of the hoax message. The most common we have seen reads: --Begin quoted material-- The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the InterNet. Apparently, a new computer virus has been engineered by a user of America Online that is unparalleled in its destructive capability. Other, more well-known viruses such as Stoned, Airwolf, and Michaelangelo pale in comparison to the prospects of this newest creation by a warped mentality. What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the InterNet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop - which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late. --End quoted material-- The above message contains several absurdities beyond the basic email virus. The "nth complexity" loop is classic nonsense; no software technique like this will damage a processor. Since this hoax has become so widespread, several organizations have issued official explanations of the hoax. The U.S. Department of Energy's CIAC (Computer Incident Advisory Capability) issued a bulletin declaring the Good Times virus a hoax and an urban legend. The CIAC report on the Good Times hoax: --Begin quoted material-- In the early part of December, CIAC started to receive information requests about a supposed "virus" which could be contracted via America OnLine, simply by reading a message. --------------------------------------------------------------------------- | Here is some important information. Beware of a file called Goodtimes. | | | | Happy Chanukah everyone, and be careful out there. There is a virus on | | America Online being sent by E-Mail. If you get anything called "Good | | Times", DON'T read it or download it. It is a virus that will erase your | | hard drive. Forward this to all your friends. It may help them a lot. | --------------------------------------------------------------------------- THIS IS A HOAX. Upon investigation, CIAC has determined that this message originated from both a user of America Online and a student at a university at approximately the same time, and it was meant to be a hoax. CIAC has also seen other variations of this hoax, the main one is that any electronic mail message with the subject line of "xxx-1" will infect your computer. This rumor has been spreading very widely. This spread is due mainly to the fact that many people have seen a message with "Good Times" in the header. They delete the message without reading it, thus believing that they have saved themselves from being attacked. These first-hand reports give a false sense of credibility to the alert message. There has been one confirmation of a person who received a message with "xxx-1" in the header, but an empty message body. Then, (in a panic, because he had heard the alert), he checked his PC for viruses (the first time he checked his machine in months) and found a pre-existing virus on his machine. He incorrectly came to the conclusion that the E-mail message gave him the virus (this particular virus could NOT POSSIBLY have spread via an E-mail message). This person then spread his alert. As of this date, there are no known viruses which can infect merely through reading a mail message. For a virus to spread some program must be executed. Reading a mail message does not execute the mail message. Yes, Trojans have been found as executable attachments to mail messages, the most notorious being the IBM VM Christmas Card Trojan of 1987, also the TERM MODULE Worm (reference CIAC Bulletin B-7) and the GAME2 MODULE Worm (CIAC Bulletin B-12). But this is not the case for this particular "virus" alert. If you encounter this message being distributed on any mailing lists, simply ignore it or send a follow-up message stating that this is a false rumor. Karyn Pichnarczyk CIAC Team --End quoted material-- The latest information The pro-virus groups are very proud that they have fooled so many people with this hoax. Recently they have published the source code for a virus that they hope will be called "Good Times". The source code contains comments that claim the virus can infect via email. This is not the case. The virus is basically yet another boring file infector that we have added to collection of close to 7,000 viruses. We are calling this virus GT-Spoof to avoid playing into the hands of those that want to add extra credibility to the "Good Times" hoax. The claim that you can get infected by reading electronic mail is but one of many widespread misconceptions regarding viruses. Read about other Virus myths. Copyright © 1995 Stiller Research. Document Last Modified 6/09/95.