The Good Times email virus is a hoax!

If anyone repeats the hoax, please show them the FAQ. 

Good Times Virus Hoax

Frequently Asked Questions

(also Irina, Deeyenda, Pen Pals, and other copycats) 


by Les Jones (lesjones@usit.net)

December 12, 1998

 

This information may be freely reproduced in any medium as long as the information is unmodified. 

The most current version can always be found at

http://www.public.usit.net/lesjones/goodtimes.html

 


Table of Contents

  1. July 15, 1998 update
  2. Foreign language editions (Español and Français)
  3. A call to educators
  4. Is the Good Times email virus a hoax?
  5. What about Irina, Deeyenda, etc.?
  6. Why should I believe the FAQ instead of the hoax? (references)
  7. I'm new to the Internet. What is the Good Times virus hoax?
  8. What is the effect of the hoax?
  9. What was the CIAC bulletin?
  10. What's the first version of the warning (FYI)?
  11. What did the first major warning (Happy Chanukah) say?
  12. What's the other major warning (ASCII)?
  13. What's the popular variation on ASCII (FCC or Infinite Loop)?
  14. Golly, did someone at the FCC send out a warning about Good Times?
  15. Exactly when did the hoax start?
  16. Who started the hoax?
  17. What theories do we have about the hoax's origins?
  18. Didn't someone actually write a virus called Good Times (VLAD)?
  19. What about PKZIP300?
  20. What about Irina?
  21. What about Pen Pals?
  22. What about Deeyenda?
  23. Is an email virus possible?
  24. What about the Word macro virus?
  25. How can I protect myself from viruses in general?
  26. Was the hoax a sort of virus itself?
  27. What's the best way to control a thought virus?
  28. What are some other hoaxes and urban legends on the Internet?
  29. To get the latest version of the FAQ


1. July 15 Update

I've updated some of the links, and added a link to the French version of the FAQ.

Please note a change in URLs at www.usit.net. Also, if you have the FAQ on your web page, I encourage you to link to the web sites below, so that your readers will always get the most current copy of the FAQ. Many of the emails I receive are from people reading old versions. (And if you're reading the FAQ anywhere but the pages below, you may be reading an old version.)

http://www.public.usit.net/lesjones/goodtimes.html

http://www.public.usit.net/lesjones/goodtimes-mini-faq.html

 


2. Foreign language editions (Español and Français)

Good Times has spread to many countries, and has been translated into many languages. If you are bilingual, you can help debunk Good Times by translating the FAQ into another language. If you do translate the FAQ, please let me know the URL so I can include it in the FAQ.

Español

Víctor A. Rodríguez (Bit-Man@telefonica.Com.AR) has translated the FAQ into Spanish.

http://www.intersolar.com.ar/virus/GoodTimes.html

Français

François R. Gouget (fgouget@free.fr) has translated the FAQ into French.

http://fgouget.free.fr/goodtimes/goodtimes-fr.html


3. A call to educators

If you teach classes or write books about the Internet, I encourage you to educate people about Good Times. The Good Times myth is not going away anytime soon, so we should start including it in Internet curriculum now. The FAQ is free for redistribution in any medium, so feel free to integrate it into any class materials or published works.


4. Is the Good Times email virus a hoax?

Yes. It was a hoax in November of 1994, and it's still a hoax in November of 1996.

America Online, government computer security agencies, and makers of anti-virus software have declared Good Times a hoax. See "Why should I believe the FAQ instead of the hoax?"

Since the hoax began in November of 1994, no copy of the alleged virus has ever been found, nor has there been a single verified case of a viral attack.


5. What about Irina, Deeyenda, and other supposed email viruses?

These are copycats of Good Times. Only the name has changed. See the next question for resources.

Note that I am not maintaining a list of these hoaxes. Since the FAQ was first written, several good resources have become available for this sort of thing. This FAQ is primarily a historical account of the Good Times Virus Hoax.


6. Why should I believe the FAQ instead of the hoax? (references)

Good question. Why should you believe something just because it's in a FAQ? More importantly, why should you believe something just because it's in a Usenet newsgroup or email message?

The easiest way to stop this kind of nonsense is to go to an authority. Several publishers of anti-virus software have Web pages with searchable databases of virus descriptions. CIAC is also a reliable source of information.

 

Data Fellows Computer Virus Information Center

http://www.datafellows.fi/vir-info/index.htm#search

http://www.accessone.com/support/modems/

Data Fellows description of:

Good Times

http://www.datafellows.fi/v-descs/goodtime.htm

Irina

http://www.datafellows.fi/v-descs/irina.htm

Deeyenda

http://www.datafellows.fi/v-descs/deeyenda.htm

Computer Incident Advisory Capability (CIAC - U.S. federal gov't) Internet Hoax Page

http://ciac.llnl.gov/ciac/CIACHoaxes.html

CIAC Notes relating to Good Times

http://ciac.llnl.gov/ciac/notes/Notes04c.shtml

http://ciac.llnl.gov/ciac/notes/Notes05d.shtml

http://ciac.llnl.gov/ciac/notes/Notes09.shtml

Dr. Solomon's description of Irina

http://www.drsolomon.com/vircen/irina.html

Symantec's description of virus hoaxes (including Deeyenda, Irina, Good Times, and PKZIP300/3b)

http://www.symantec.com/avcenter/hoax.html


7. I'm new to the Internet. What is the Good Times virus hoax?

The story is that a virus called Good Times is being carried by email. Just reading a message with "Good Times" in the subject line will erase your hard drive, or even destroy your computer's processor. Needless to say, it's a hoax, but a lot of people believed it.

The original message ended with instructions to "Forward this to all your friends," and many people did just that. Warnings about Good Times have been widely distributed on mailing lists, Usenet newsgroups, and message boards.

The first widely-distributed version of the hoax started in early December of 1994. It sprang up again in March of 1995. In mid-April, a new version of the hoax that mentioned an FCC report began circulating. Worried that Good Times would never go away, I decided to write the FAQ. These worries proved valid when the hoax began popping up again in October of 1995.

It's no longer accurate to speak of "comebacks" and "outbreaks" of Good Times. It's just there - part of the landscape, like kudzu and dandelions. As a result, I am no longer tracking outbreaks or taking reports of the hoax. Thanks to everyone who sent in earlier reports.


8. What is the effect of the hoax?

For those who already know it's a hoax, it's a nuisance to read the repeated warnings. For people who don't know any better, it causes needless concern and lost productivity.

The virus hoax infects mailing lists, bulletin boards, and Usenet newsgroups. Worried system administrators needlessly worry their employees by posting dire warnings. The hoax is not limited to the United States. It has appeared in several English-speaking and non-English-speaking countries. One reader sent me an English transcription of a radio broadcast in Malta.

Adam J Kightley (adamjk@cogs.susx.ac.uk) said, "The cases of 'infection' I came across all tended to result from the message getting into the hands of senior non-computing personnel. Those with the ability and authority to spread it widely, without the knowledge to spot its nonsensical content."

Some of the companies that have reportedly fallen for the hoax include AT&T, CitiBank, NBC, Hughes Aircraft, Microsoft, Texas Instruments, and dozens or hundreds of others. There have been outbreaks at numerous colleges.

The U.S. government has not been immune. Some of the government agencies that have reportedly fallen victim to the hoax include the Department of Defense, the FCC, NASA, the USDA, U.S. Census Bureau, and various national labs. I've confirmed outbreaks at the Department of Health and Human Services, though they had the good sense to question the hoax, and ask for more information on Usenet, before passing the hoax along to their employees.

The virus hoax has occasionally escaped into the popular media. Charles W. Haase (cwhaase@ucdavis.edu) reports that on April 4, 1995, during the Tom Sullivan show on KFBK 1530 AM radio in Sacramento, California, a police officer warned listeners not to read email labeled "Good Times", and to report the sender to the police. Other radio stations, including Australia's ABC radio, have also spread the hoax.

There are scattered reports of the virus spreading via Faxnet, that low-tech network of secretaries and bored knowledge workers that traffics in cartoons and dumb blonde jokes.


9. What was the CIAC bulletin?

On December 6, 1994, the U.S. Department of Energy's CIAC (Computer Incident Advisory Capability) issued a bulletin declaring the Good Times virus a hoax and an urban legend. The bulletin was widely quoted as an antidote to the hoax. The original document can be found at the address in Online References at the end of the FAQ. Note that the document went through several minor revisions, with 94-04c of December 8 being the most recent.

----Begin quoted material----

THE "Good Times" VIRUS IS AN URBAN LEGEND

In the early part of December, CIAC started to receive information requests about a supposed "virus" which could be contracted via America OnLine, simply by reading a message.

---------------------------------------------------------------------------
| Here is some important information. Beware of a file called Goodtimes.  |
|                                                                         |
| Happy Chanukah everyone, and be careful out there. There is a virus on  |
| America Online being sent by E-Mail. If you get anything called "Good   |
| Times", DON'T read it or download it. It is a virus that will erase your|
| hard drive. Forward this to all your friends. It may help them a lot.   |
---------------------------------------------------------------------------

THIS IS A HOAX. Upon investigation, CIAC has determined that this message originated from both a user of America Online and a student at a university at approximately the same time, and it was meant to be a hoax.

CIAC has also seen other variations of this hoax, the main one is that any electronic mail message with the subject line of "xxx-1" will infect your computer.

This rumor has been spreading very widely. This spread is due mainly to the fact that many people have seen a message with "Good Times" in the header. They delete the message without reading it, thus believing that they have saved themselves from being attacked. These first-hand reports give a false sense of credibility to the alert message.

There has been one confirmation of a person who received a message with "xxx-1" in the header, but an empty message body. Then, (in a panic, because he had heard the alert), he checked his PC for viruses (the first time he checked his machine in months) and found a pre-existing virus on his machine. He incorrectly came to the conclusion that the E-mail message gave him the virus (this particular virus could NOT POSSIBLY have spread via an E-mail message). This person then spread his alert.

As of this date, there are no known viruses which can infect merely through reading a mail message. For a virus to spread some program must be executed. Reading a mail message does not execute the mail message. Yes, Trojans have been found as executable attachments to mail messages, the most notorious being the IBM VM Christmas Card Trojan of 1987, also the TERM MODULE Worm (reference CIAC Bulletin B-7) and the GAME2 MODULE Worm (CIAC Bulletin B-12). But this is not the case for this particular "virus" alert.

If you encounter this message being distributed on any mailing lists, simply ignore it or send a follow-up message stating that this is a false rumor.

Karyn Pichnarczyk
CIAC Team
ciac@llnl.gov

----End quoted material----

Note: Karyn is now with Cisco. Her new email address is karyn@cisco.com.

The CIAC report was wrong when it stated that the hoax was started by "a user of America Online and a student at a university." See "Who started the hoax."


10. What's the first version of the warning (FYI)?

I have an early version of the hoax that dates back to November 15, 1994, when it was posted to the TECH-LAW mailing list. This is currently the earliest known example of Good Times. See also "When did the hoax start?"

----Begin quoted material----

FYI, a file, going under the name "Good Times" is being sent to some Internet users who subscribe to on-line services (Compuserve, Prodigy and America On Line). If you should receive this file, do not download it! Delete it immediately. I understand that there is a virus included in that file, which if downloaded to your personal computer, will ruin all of your files.

----End quoted material----

One person remembers seeing Good Times as far back as April or May of 1994, but there is no supporting evidence for that claim. For now, the FYI message qualifies as the earliest prototype of Good Times.


11. What did the first major warning (Happy Chanukah) say?

This is the canonical Happy Chanukah message as I received it on December 2, 1994, and as it was quoted in the CIAC report, though it's not the earliest message. This message was largely responsible for sparking the December Good Times panic.

----Begin quoted material----

Here is some important information. Beware of a file called Goodtimes.

Happy Chanukah everyone, and be careful out there. There is a virus on America Online being sent by E-Mail. If you get anything called "Good Times", DON'T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot.

----End quoted material----


12. What's the other major warning (ASCII)?

The "happy Chanukah" greeting in the original message dates it, so more recent hoax eruptions have used a different message. The one below can be identified because it claims that simply loading Good Times into the computer's ASCII buffer can activate the virus, so I call it ASCII.

Karyn Pichnarczyk (karyn@cisco.com) remembers the ASCII message from the original hoax in December of 1994, though I never saw it. Mikko Hypponen (Mikko.Hypponen@datafellows.fi) sent me a copy of this warning that dates back to December 2, 1994. The Infinite Loop variety of ASCII is now the basis for the most common warnings.

----Begin quoted material----

Thought you might like to know...

Apparently, a new computer virus has been engineered by a user of America Online that is unparalleled in its destructive capability. Other, more well-known viruses such as Stoned, Airwolf, and Michaelangelo pale in comparison to the prospects of this newest creation by a warped mentality.

What makes this virus so terrifying is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the InterNet.

Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way - in a text e-mail message with the subject line reading simply "Good Times". Avoiding infection is easy once the file has been received - not reading it. The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute.

The program is highly intelligent - it will send copies of itself to everyone whose e-mail address is contained in a received-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on.

The bottom line here is - if you receive a file with the subject line "Good Times", delete it immediately! Do not read it! Rest assured that whoever's name was on the "From:" line was surely struck by the virus. Warn your friends and local system users of this newest threat to the InterNet! It could save them a lot of time and money.

----End quoted material----


13. What's the popular variation on ASCII (FCC or Infinite Loop)?

You rarely see the pure ASCII version any more. One common variation mentions an FCC memo, and claims that Good Times can destroy a computer's processor by placing the processor in an "nth-complexity infinite binary loop," which is a fancy-sounding bit of science fiction. This is by far the most common version nowadays, and consists of ASCII with the following additional material:

----Begin quoted material----

The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the InterNet. Apparently, a new computer virus has been engineered by a user of America Online that is unparalleled in its destructive capability. Other, more well-known viruses such as Stoned, Airwolf, and Michaelangelo pale in comparison to the prospects of this newest creation by a warped mentality.

What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the InterNet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop - which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late.

----End quoted material----


14. Golly, did someone at the FCC send out a warning about Good Times?

No. (Note to foreign readers: the FCC is the United States Federal Communications Commission, which is in charge of regulating radio, TV and other electronic communications, but not the Internet.)

It's possible that the warning hit the FCC, and was then forwarded to another government agency. Government agencies and the military have frequently been hit by the hoax. This is probably due to the communications infrastructure in the government, as well as the federal government's greater awareness of security issues. Someone looking at the mail headers may have assumed that the warning originated at the FCC. This is just supposition, however.


15. Exactly when did the hoax start?

I thought I knew, but new evidence has come to light. In the original FAQ, I wrote the following paragraphs:

----

December 2, 1994 is often quoted as the beginning of the hoax, but some of the AOL forward message headers in the copy I received put the date at December 1. One non-AOL header is dated November 29, though that date could easily have been forged.

Also, notice the text of the original message as it was sent to me, and quoted in the CIAC report:

Here is some important information. Beware of a file called Goodtimes.

Happy Chanukah everyone, and be careful out there. There is a virus on America Online being sent by E-Mail. If you get anything called "Good Times", DON'T read it or download it. It is a virus that will erase your hard drive. Forward this to all your friends. It may help them a lot.

The first paragraph suggests that someone was forwarding the information in the second paragraph. A seasonal greeting like "Happy Chanukah" is almost never placed in the second paragraph of a letter, suggesting even more strongly that this message was repeating information from someone else.

----

After reading the FAQ, several people reported earlier instances of the hoax. On November 15, 1994, Rich Lavoie (lavoie@cwt.com) posted it to the TECH-LAW mailing list. Rodney Knight (r.j.knight@rl.ac.uk) saw that message on a newsgroup, and forwarded the warning to the POSTCARD mailing list. November 15 is currently the earliest confirmed sighting.

Anthony Altieri (magneto@epix.net) and many others recollected the hoax as far back as April or May of 1994, but that recollection is so far unsubstantiated by any evidence.


16. Who started the hoax?

We don't know who started the hoax. You'll meet people who think they know who started it, or where it started. They are misinformed. Show them the FAQ. I've seen some people claim that the hoaxsters were arrested and convicted. This is incorrect.

The CIAC report stated that the hoax was started by "a user of America Online and a student at a university." I asked Karyn Pichnarczyk about that. During the December outbreak of Happy Chanukah, several people tried to trace the hoax by following message headers. When America Online traced headers, they stopped at an AOL account. When Nathan Gilliatt (gilliatt@ac.duke.edu) traced headers in different messages, the messages seemed to stop at Swarthmore College.

Karyn said she didn't know who to believe, so she said that the virus was started by "a user of America Online and a student at a university." We now know that "Happy Chanukah" wasn't the original message, so tracing headers was a futile attempt to trace the origin of the hoax.


17. What theories do we have about the hoax's origins?

Asking who started the hoax assumes that someone consciously started the hoax. It's remotely possible that Good Times is a highly distorted report of some real or semi-real event. After being told and retold, the story became the Good Times hoax as we know it. The Telephone Game gone mad. The problem with this theory is that it's probably impossible to prove.

AOL postmaster David O'Donnell (PMDAtropos@aol.com) has another theory about the origins of the hoax. David says that there was once a Good Times chain letter going around. To stop the chain letter, David's theory goes, someone claimed that the chain letter contained a virus, and warned people to delete any email with "Good Times" in the subject line. Alan Braggins (armb@setanta.demon.co.uk) and others recall seeing the chain letter prior to the virus hoax.

Several people have mailed me copies of a Good Luck chain letter that may have mutated into the Good Times chain letter that David O'Donnell remembers.

This one is from Wolf-Dieter Roth (102404.75@CompuServe.COM):

----Begin quoted material----

> GOOD LUCK TOTEM
>
>
>    \\\|||///
>    =========
>     | O O |
>      \v_'/
>    # _| |_
>     (#) ( )
>  #\//|* *|\\
>   #\/( * )/
>    # =====
>    # (\ /)
>    # || ||
> .#---'| |----.
>  #----' -----'
>
>
> This message has been sent to you for good luck. The original is
> in New England. It has been sent around the world nine times.
> The luck has now been sent to you. You will receive good luck
> within four days of receiving this message -- provided you, in
> turn, send it on. This is no joke. You will receive good luck
> in the mail -- but no money.
>
> Send copies to people you think need good luck. Don't send money
> as fate has no price. Do not keep this message.
>
> This message must leave your hands in 96 hours. Please send ten
> copies and see what happens in four days. The chain comes from
> United States and was written by Diana Li, a missionary from
> Asia. Since the copy must tour the world, you must make ten
> copies and send them to friends and associates. After a few
> days, you will get a surprise. This is true, even if you are
> not superstitious.
>
> Good luck, but please remember: 10 copies of this message must
> leave your hands in 96 hours... You must not sign on this
> message...

----End quoted material----


18. Didn't someone actually write a virus called Good Times (VLAD)?

Yes. In the wake of the publicity over Good Times, VLAD tried to grab the spotlight by writing a virus with that name. It in no way acted like the legendary Good Times. Rather, it was based on existing source code. VLAD (short for Virus Labs and Distribution) is a group of virus writers. Makers of anti-virus software have generally called this the GT Spoof virus.

VLAD, apparently wanting publicity, emailed me to take credit for the virus. This email is from Tue, May 09, 1995 4:19 PM EST, and consists of quoted material from an earlier email exchange:

----Begin quoted material----

(lesjones@usit.net wrote:)
> (vlad@trisection.mit.edu wrote:)
>
> > You'll find that although it is not an email virus, there IS an ms-dos
> > virus bearing the name "Good Times" it can be found in vlad#4.
> (Metabolis)
>
> I heard about it last week. It's a copycat that was created six months after
> the hoax began.
>
> Leslie
>
That's right! Even we Vxers have a sense of humor. BTW, it's not a
'copycat,' it's simply a good joke (many people have fallen for it until
they actually look at the source). :)
--Antigen

----End quoted material----


19. What about PKZIP300?

A warning about the PKZIP300 Trojan horse is sometimes attached to warnings about Good Times. The PKZIP300 Trojan was real, and surfaced in May of 1995. Like most Trojans, it quickly disappeared. Only the warnings persist. Karyn Pichnarczyk heard a good parody of these warnings: "Panic! There used to be a fire, somewhere, about a year ago, and someone put it out, but be careful, and look out for this particular fire!"

For references, see "Why should I believe the FAQ instead of the hoax?"

 


20. What about Irina?

The Irina hoax was reportedly part of a failed publicity stunt from Penguin Books UK for a book called Irina in September of 1996. Its powers were said to be similar to those of Good Times. For references, see "Why should I believe the FAQ instead of the hoax?"

Example warning:

There is a computer virus that is being sent across the Internet. If you receive an email message with the subject line "Irina", DO NOT read the message, DELETE it immediately. Some miscreant is sending email and files under the title "Irina". If you receive this file, do not download it.

It has a virus that rewrites your hard drive, obliterating anything on it. Please be careful and forward this mail to anyone you care about.


21. What about Pen Pals?

Pen Pals is another copycat of Good Times.

Example message:

If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it. Below is a little explanation of the message, and what it would do to your PC if you were to read the message. If you have any questions or concerns please contact techhelp.

This is a warning for all internet users - there is a dangerous virus propagating across the internet through an e-mail message entitled "PENPAL GREETINGS!". DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"

This message appears to be a friendly letter asking you if you are interested in a penpal, but by the time you read this letter, it is too late. The "trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus, and once the message is read, it will AUTOMATICALLY forward itself to anyone whose e-mail address is present in YOUR mailbox!

This virus will DESTROY your hard drive, and holds the potential to DESTROY the hard drive of anyone whose mail is in your inbox, and whose mail is in their inbox, and so on. If this virus remains unchecked, it has the potential to do a great deal of DAMAGE to computer networks worldwide!!!!

Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it! And pass this message along to all of your friends and relatives, and the other readers of the newsgroups and mailing lists which you are on, so that they are not hurt by this dangerous virus!!!!


22. What about Deeyenda?

Another non-existent virus. For references, see "Why should I believe the FAQ instead of the hoax?"

Example warning:

FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET

The Internet community has again been plagued by another computer virus. This message is being spread throughout the Internet, including USENET posting, EMAIL, and other Internet activities. The reason for all the attention is because of the nature of this virus and the potential security risk it makes. Instead of a destructive Trojan virus (like most viruses!), this virus referred to as Deeyenda Maddick, performs a comprehensive search on your computer, looking for valuable information, such as email and login passwords, credit cards, personal inf., etc.

The Deeyenda virus also has the capability to stay memory resident while running a host of applications and operating systems, such as Windows 3.11 and Windows 95. What this means to Internet users is that when a login and password are sent to the server, this virus can copy this information and SEND IT OUT TO AN UNKNOWN ADDRESS (varies).

The reason for this warning is because the Deeyenda virus is virtually undetectable. Once attacked your computer will be unsecure. Although it can attack any O/S this virus is most likely to attack those users viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet Explorer 3.0+ which are running under Windows 95). Researchers at Princeton University have found this virus on a number of World Wide Web pages and fear its spread.

Please pass this on, for we must alert the general public at the security risks.

As with Good Times, there was no such FCC warning.


23. Is an email virus possible?

The short answer is no, not the way Good Times was described.

The long answer is that this is a difficult question that's open to nit-picking. Keep three things in mind when considering the question:

There are some email programs that can be set to automatically download a file attachment, decode it, and execute the file attachment. If you use such a program, you would be well advised to disable the option to automatically execute file attachments.

You should, of course, be wary of any file attachments a stranger sends you. At the very least, you should check such file attachments for viruses before running them.
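The advice above, as an added example that is not part of the original FAQ: a Python triage routine that parses a message with the standard `email` package and classifies only its attachments, by extension and by leading bytes, so a renamed executable is still caught. The subject line is carried through as plain text and never changes the verdict. The function names, extension lists and sample messages are constructed for illustration.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Illustrative extension lists (assumptions for this example, not from the FAQ).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".pif", ".scr", ".cmd"}
MACRO_DOC_EXTS = {".doc", ".dot", ".xls"}

MZ_MAGIC = b"MZ"                                # DOS/Windows executable header
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 container (Word 6.0-era .doc/.dot)


def classify(filename: str, payload: bytes) -> str:
    """Classify one attachment; content is checked as well as the name."""
    ext = os.path.splitext(filename)[1].lower()
    if payload.startswith(MZ_MAGIC) or ext in EXECUTABLE_EXTS:
        return "executable"
    if payload.startswith(OLE2_MAGIC) or ext in MACRO_DOC_EXTS:
        return "macro-capable document"
    return "data"


def triage(raw: bytes) -> dict:
    """Parse a raw message and report what, if anything, needs scanning."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    attachments = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited separately
        filename = part.get_filename()
        if filename is None and part.get_content_disposition() != "attachment":
            continue  # body text: displayed, never executed
        payload = part.get_payload(decode=True) or b""
        attachments.append(
            (filename or "(unnamed)", classify(filename or "", payload))
        )
    risky = [a for a in attachments if a[1] != "data"]
    return {
        "subject": str(msg.get("Subject", "")),
        "attachments": attachments,
        "action": "scan before opening" if risky else "read normally",
    }


def build_message(subject: str, attachments=()) -> bytes:
    """Build a constructed sample message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = subject
    msg.set_content("Constructed sample body text.")
    for filename, data in attachments:
        msg.add_attachment(
            data, maintype="application", subtype="octet-stream",
            filename=filename,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        # Text-only mail with the "dangerous" subject line from the hoax.
        build_message("Good Times"),
        # Executable attachment, honestly named.
        build_message("Holiday card", [("greeting.exe", MZ_MAGIC + b"\x90" * 16)]),
        # Executable content hidden behind a harmless-looking name.
        build_message("PENPAL GREETINGS!", [("letter.txt", MZ_MAGIC + b"\x90" * 16)]),
        # Word document or template that could carry macros.
        build_message("Minutes", [("report.doc", OLE2_MAGIC + b"\x00" * 16)]),
        # Ordinary text attachment.
        build_message("Notes", [("notes.txt", b"plain notes")]),
    ]
    for raw in samples:
        result = triage(raw)
        print(result["subject"], "->", result["action"], result["attachments"])
```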


24. What about the Word macro virus?

After I posted the FAQ to Usenet in October of 1995, many people wrote to mention the Word macro virus, which had recently stepped into the light. Sometimes known as the Winword.concept virus or the Word prank macro virus, it breaks the rule that viruses are operating system-specific by infecting both Macs and PCs running several different operating systems. Breaking another rule, it infects documents instead of programs.

Why can the Word macro virus affect several operating systems?

When programmers write code, they typically write the source code in a text file. The source code is then run through a compiler, which converts the source code into instructions that can be understood by a certain type of operating system and computer chip. That's why most programs (including most viruses) can only run under one type of operating system. The resulting program is variously called a binary, application, or executable, and can function by itself.

Programmers can also run the source code through an interpreter, which executes the code line by line, but does not produce an executable program. The Word macro virus is an example of an interpreted program. The interpreter in this case is the Word Basic macro facility that's part of Word 6.0 for Windows, Word for Windows 95, Word for Windows NT, and Word 6.0 for Macintosh. The same source code (the macro virus) runs on four different operating systems because the interpreter (Word Basic) is available on all four operating systems. (I'll be generous and call Windows 3.1 an operating system.)

What does the Word macro virus do?

This text is excerpted from M. David Stone's excellent article in the February, 1996 issue of PC Magazine:

"An infected document is actually a template masquerading as a document. The virus manages this trick because although uses a .DOT extension by default for templates, it doesn't require that .DOT extension. And a template, by any name, can store macros. The key to the Winword.concept virus is an AutoOpen macro, which runs each time you open the document. When you open an infected document, the virus modifies the Normal template, Normal.dot, which Word keeps loaded at all times--even when you're using another template. Once infected, Normal.dot will infect any documents you save with the Save As command. And since Word calls on the Save As command every time you save a new document, that means every new document you create will be infected."

"The good news about the Winword.concept virus is that, at least in its original form, it's only annoying, not harmful. (The virus contains the comment "That's enough to prove my point." Obviously the anonymous author wanted to show that a virus could be transmitted via a macro, but didn't feel the need to be destructive about it.) The bad news is that the virus was unleashed on the world in unencrypted form. That means that anyone who gets a hold of it and understands just a little bit of Word Basic can modify it to do serious harm--like erasing files from your hard disk. (I won't go into specifics for obvious reasons.)"

How can I protect myself?

A number of free utilities are available, along with some excellent information about macro viruses for Microsoft Excel, Lotus Ami Pro and Lotus Word Pro.

DataFellows information and software for:

Microsoft Word macro viruses http://www.datafellows.fi/macro/word.htm

Excel macro viruses http://www.datafellows.fi/macro/excel.htm

Lotus Ami Pro macro viruses http://www.datafellows.fi/macro/amipro.htm

Dr. Solomon Macro Virus Alerts http://www.drsolomon.com/vircen/macrovir.html

Microsoft - Microsoft Excel: Laroux Virus http://www.microsoft.com/excel/productinfo/vbavirus/emvolc.htm
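The PC Magazine excerpt above describes an infected file as a template stored under a document's name. As an added example (not part of the original FAQ or of any tool it links to), this Python code reads the template flag from the header of a file's WordDocument stream and reports files whose flag is set but whose extension is not .DOT. It assumes the stream has already been extracted from the file's OLE container and that the header follows the documented Word binary FIB layout; the function names and sample headers are constructed for illustration.

```python
import struct
from pathlib import PurePath

# Start of the WordDocument stream (FIB), little-endian, six 16-bit fields:
# wIdent, nFib, nProduct, lid, pnNext, flags. Assumed layout, see lead-in.
FIB_HEAD = struct.Struct("<6H")
WORD_MAGICS = {0xA5DC: "Word 6/95", 0xA5EC: "Word 97 or later"}
F_DOT = 0x0001  # bit 0 of flags: the file is a template


def parse_fib_head(stream):
    """Decode the first 12 bytes of a WordDocument stream."""
    if len(stream) < FIB_HEAD.size:
        raise ValueError("stream too short to hold a FIB header")
    w_ident, n_fib, _prod, _lid, _pn_next, flags = FIB_HEAD.unpack_from(stream)
    if w_ident not in WORD_MAGICS:
        raise ValueError(f"not a Word binary stream (wIdent=0x{w_ident:04X})")
    return {
        "format": WORD_MAGICS[w_ident],
        "nFib": n_fib,
        "is_template": bool(flags & F_DOT),
    }


def triage(filename, stream):
    """Return a list of findings; an empty list means nothing to flag."""
    fib = parse_fib_head(stream)
    ext = PurePath(filename).suffix.lower()
    findings = []
    # A template is expected to be named .dot; any other name is the
    # "template masquerading as a document" case from the excerpt.
    if fib["is_template"] and ext != ".dot":
        findings.append(
            f"template flag (fDot) set but extension is {ext or '(none)'}")
    return findings


def make_fib(w_ident=0xA5DC, n_fib=101, flags=0):
    """Build a constructed sample header (not taken from a real file)."""
    return FIB_HEAD.pack(w_ident, n_fib, 0, 0x0409, 0, flags) + b"\x00" * 20


if __name__ == "__main__":
    samples = {  # constructed file names and headers
        "report.doc": make_fib(flags=F_DOT),
        "letter.doc": make_fib(),
        "normal.dot": make_fib(flags=F_DOT),
    }
    for name, data in samples.items():
        print(name, triage(name, data) or "ok")
```

A finding only means the file can carry macros under a document's name; it is a reason to scan the file with an up-to-date macro virus checker, not proof of infection.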


25. How can I protect myself from viruses in general?

Use a virus checker regularly. Freeware, shareware, and commercial anti-virus programs are widely available. Which program you use isn't as important as how often you use it. Most people get into trouble because they never bother to check their computer for viruses. The National Computer Security Association estimates that if just 30% of computer owners regularly used up-to-date anti-viral software, the virus problem would virtually disappear.

Most viruses spread through floppy disks, so isolating yourself from online services and the Internet will not protect you from viruses. In fact, you're probably safer if you're online, simply because you'll have access to anti-viral software and information.


26. Was the hoax a sort of virus itself?

 

Yes, but it wasn't a computer virus. It was more like a social virus or a thought virus.

When someone on alt.folklore.urban asked if the virus was for real, Clay Shirky (clays@panix.com) answered:

"It's for real. It's an opportunistic self-replicating email virus which tricks its host into replicating it, sometimes adding as many as 200,000 copies at a go. It works by finding hosts with defective parsing apparatus which prevents them from understanding that a piece of email which says there is an email virus and then asking them to remail the message to all their friends is the virus itself."

Shirky eloquently described what a lot of people were thinking. So what is a virus? To a biologist, a virus is a snippet of genetic material that must infect a host organism to survive and reproduce. To be contagious, a virus usually carries instructions that cause the host to engage in certain pathological activities (such as sneezing and coughing) that spread the infection to other organisms.

To a computer programmer, a virus is a snippet of computer code that must infect a host program to spread. To be contagious, a computer virus usually causes the host program to engage in certain pathological activities that spread the infection to other programs.

From this perspective, it's easy to see the Good Times hoax as a sort of thought virus. To be contagious, a thought virus causes the host to engage in certain pathological activities that spread the infection.

In the case of Good Times, the original strain (happy Chanukah) explicitly told people to "forward this to all your friends." The other major viral strain (infinite loop) encourages people to "Please be careful and forward this mail to anyone you care about," and "Warn your friends and local system users of this newest threat to the InterNet!"

Likewise, the stories of an FCC modem tax encourage people to tell their friends and post the warning on other BBSes. David Rhodes' Make Money Fast scam instructs people to re-post the message to as many as ten bulletin boards.

In _The Selfish Gene_ (1976, University of Oxford Press), Oxford evolutionary biologist Richard Dawkins extends the principles in his book from biology to human culture. To make the transition, Dawkins proposes a cultural replicator analogous to genes. He calls these replicators memes.

"Examples of memes are tunes, ideas, catch-phrases, clothes fashions, ways of making pots or of building arches. Just as genes propagate themselves in the gene pool by leaping from body to body via sperm or eggs, so memes propagate themselves in the meme pool by leaping from brain to brain via a process which, in the broad sense, can be called imitation. ... As my colleague N. K. Humphrey neatly summed up an earlier draft of this chapter: "...memes should be regarded as living structures, not just metaphorically, but technically. When you plant a fertile meme in my mind you literally parasitize my brain, turning it into a vehicle for the meme's propagation in just the way that a virus may parasitize the genetic mechanism of a host cell.""

Amazingly, when I read alt.folklore.computers looking for research material, two people had already mentioned Dawkins' memes. One of them referred to an article in the April 8, 1995 _New Scientist_ about something called the Meme Research Group. (The article erroneously stated that the group is at the University of California, San Francisco. In fact, they are at Simon Fraser University in British Columbia.)

The Meme Research Group is collecting chain letters to analyze them. The more copies they get, the more information they have to analyze. Send those unwanted chain letters to meme@scottlabsgi.chem.sfu.ca.

I am not a memeticist, and a real memeticist might take umbrage at my explanation of the concept. To learn more, visit the alt.memetics newsgroup on Usenet, and especially the alt.memetics home page on the World Wide Web <http://maxwell.lucifer.com/virus/alt.memetics/>. Though we've talked about memes in terms of viruses (a common analogy), the concept of a meme is neither good nor bad. The idea of "Do unto others as you would have them do unto you" is as much a meme as the Good Times hoax.


27. What's the best way to control a thought virus?

Create a counter virus like this one as an antidote. To make the counter virus contagious, include instructions such as, "The Good Times email virus is a hoax. If anyone repeats the hoax, please show them the FAQ."

 


28. What are some other hoaxes and urban legends on the Internet?

 

The FCC Modem Tax

Every so often someone posts a dire warning that the FCC is considering a tax on modems and online services. The warning encourages you to tell your friends so they can take political action. It's a hoax. It's been going on for the five years I've been online, and probably much longer. If you'll notice, the warnings don't include a date or a bill number.

Make Money Fast

If you haven't seen a Make Money Fast message, call your local anthropology department. They might be interested in studying you. Devised by David Rhodes in 1987 or 1988, Make Money Fast (sometimes distributed on BBSes as a file called fastcash.txt) is an electronic version of a chain letter pyramid scheme. You're supposed to send money to the ten people on the list, then add your name to the list and repost the chain letter, committing federal wire fraud in the process. Posting a Make Money Fast message is one sure way to lose your Internet account. (Information from the Make Money Fast FAQ by ewl@panix.com.)

Craig Shergold needs your get well cards

Craig Shergold is a UK resident who was dying of cancer. He wanted to get in the Guinness Book of World Records for having received the most get well cards. When people heard of the poor boy's wish, they began sending him postcards. And they kept sending him postcards, and never stopped. Shergold is now in full remission. He was listed in the Guinness Book of World Records in 1991. He really does not want your postcards any more, and neither does his hometown post office.

The Make a Wish Foundation is often mentioned as soliciting cards for Shergold. They now have a Web page that denies any involvement with the chain letter. The page includes an 800 number and describes the request for business cards as "not legitimate."

http://www.wish.org/wish/craig.html

These are just a few of the urban legends that you're likely to encounter. There are many more that you probably believe. I won't give them away, but here are some clues: peanut butter, Neiman Marcus/Mrs. Fields, Rod Stewart, and the Newlywed Game. For more information, read the alt.folklore.urban FAQ, available at http://www.urbanlegends.com.


29. To get the latest version of the FAQ

The mini FAQ is a greatly simplified version of the big FAQ. At two pages, it's short enough for message boards, faxes, mailing lists, and people with short attention spans.

Via email:

Send email to archive@xconn.com with REQUEST GT_VIRUS.TXT in the subject line. The FAQ should arrive by email within an hour or two.