Universität Ulm,
Fakultät für Mathematik und Wirtschaftswissenschaften,
Administrative Hinweise,
Kettenbriefe
Good Time Virus: CIAC Statement
CIAC notes09.txt ftp://ftp.cert.dfn.de/pub/csir/ciac/notes/notes09.txt
===========================================================================
U.S. DOE's Computer Incident Advisory Capability
___ __ __ _ ___ __ __ __ __ __
/ | /_\ / |\ | / \ | |_ /_
\___ __|__ / \ \___ | \| \__/ | |__ __/
Number 95-09 April 24, 1995
This edition of CIAC NOTES describes the recent rebirth of "Good Times",
and reiterates CIAC's previous position that "Good Times" is a hoax.
Please send your comments and feedback to ciac@llnl.gov.
$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
$ Reference to any specific commercial product does not necessarily $
$ constitute or imply its endorsement, recommendation or favoring by $
$ CIAC, the University of California, or the United States Government.$
$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
There is a rebirth of the "Good Times" urban legend. CIAC and other
response teams, along with the Federal Communications Commission and
America Online, have received numerous queries regarding the validity
of the "Good Times" virus. The current "Good Times" message appears to
be a repeat of the hoax perpetuated last December.
CIAC first released CIAC NOTES 94-04 in December 1994 which is titled
"THE 'Good Times' VIRUS IS AN URBAN LEGEND." The original "Good Times"
message that was posted and circulated contained the following:
---------------------------------------------------------------------------
| Here is some important information. Beware of a file called Goodtimes. |
| |
| Happy Chanukah everyone, and be careful out there. There is a virus on |
| America Online being sent by E-Mail. If you get anything called "Good |
| Times", DON'T read it or download it. It is a virus that will erase your |
| hard drive. Forward this to all your friends. It may help them a lot. |
---------------------------------------------------------------------------
Soon after the release of CIAC NOTES 04, another "Good
Times" message was circulated. This is the same message that is
being circulated during this recent "Good Times" rebirth. This
message includes a claim that the Federal Communications Commission
(FCC) released a warning about the danger of the "Good Times"
virus. This "Good Times" hoax message contains the following:
The FCC released a warning last Wednesday concerning a matter of
major importance to any regular user of the InterNet. Apparently,
a new computer virus has been engineered by a user of America
Online that is unparalleled in its destructive capability. Other,
more well-known viruses such as Stoned, Airwolf, and Michaelangelo
pale in comparison to the prospects of this newest creation by a
warped mentality.
What makes this virus so terrifying, said the FCC, is the fact
that no program needs to be exchanged for a new computer to be
infected.
... { stuff deleted } ...
CIAC contacted the FCC to ensure that this reference was fabricated
and that the "Good Times" is truly a hoax.
ADDITIONAL INFORMATION
======================
Having malicious code (malware) buried in the body of an E-mail
message that would "infect" your computer is not a very likely
possibility because characters in an E-mail message are displayed, not
executed. CIAC still affirms that reading E-mail, using typical mail
agents, will not activate malware delivered in or with the message.
Many people believe "in theory" that malware can be delivered and
activated by some mail agents that have automated services. An
example of such malware is mail delivered to a PC that has embedded,
seemingly invisible escape sequences which affect screen display or
program the keyboard to do some nastiness when some key is
"accidently" pressed. The following is an excerpt from CIAC NOTES
05 which included and update to the "Good Times" urban legend.
CIAC did not claim that E-mail could not be a delivery agent for
malware. A real threat comes from attached files which could
contain viruses or Trojan programs. You should scan any executable
attachment before executing it in the same way that you scan all new
software before using it. It is possible to create a file that
remaps keys when displayed on a PC/MS-DOS machine with the ANSI.SYS
driver loaded. However, this only works on PC/MS-DOS machines with
the text displayed on the screen in text mode. It would not work in
Windows or in most text editors or mailers. A key could be remapped
to produce any command sequence when pressed, for example DEL or
FORMAT. However, the command is not issued until the remapped key
is pressed and the command issued by the remapped key would be
visible on the screen. You could protect yourself by removing
ANSI.SYS from the CONFIG.SYS file, but many DOS programs use the
functionality of ANSI.SYS to control screen functions and colors.
Windows programs are not effected by ANSI.SYS, though a DOS program
running in Windows would be.
===========================================================================
Andreas Borchert, 19. Januar 1996