Klarinet Archive - Posting 001009.txt from 1995/10

From: Israel Hsu <israelh@-----.EDU>
Subj: Re: Computer Virus
Date: Fri, 27 Oct 1995 18:44:13 -0400

Hi.

Please stop sending warnig emails about the "Good Times" virus -- such a
thing does not exist. This was a hoax that started sometime last year;
it's old news. Below I've included the official word on the Good Times
virus from the U.S. Dept. of Energy.

Jesus is our real Good Time. Whenever we call on Him, He injects us with
His terminating death and His regenerating life! O Lord Jesus.

Apologies to those who have already seen this.

--Israel
israelh@-----.edu

-----BEGIN PGP SIGNED MESSAGE-----

U.S. DOE's Computer Incident Advisory Capability
___ __ __ _ ___ __ __ __ __ __
/ | /_ / | | / | |_ /_
\___ __|__ / \___ | | \__/ | |__ __/

Number 95-09 April 24, 1995

This edition of CIAC NOTES describes the recent rebirth of "Good Times",
and reiterates CIAC's previous position that "Good Times" is a hoax.
Please send your comments and feedback to ciac@-----.

$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
$ Reference to any specific commercial product does not necessarily $
$ constitute or imply its endorsement, recommendation or favoring by $
$ CIAC, the University of California, or the United States Government.$
$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$

There is a rebirth of the "Good Times" urban legend. CIAC and other
response teams, along with the Federal Communications Commission and
America Online, have received numerous queries regarding the validity
of the "Good Times" virus. The current "Good Times" message appears to
be a repeat of the hoax perpetuated last December.

CIAC first released CIAC NOTES 94-04 in December 1994 which is titled
"THE 'Good Times' VIRUS IS AN URBAN LEGEND." The original "Good Times"
message that was posted and circulated contained the following:

---------------------------------------------------------------------------
| Here is some important information. Beware of a file called Goodtimes. |
| |
| Happy Chanukah everyone, and be careful out there. There is a virus on |
| America Online being sent by E-Mail. If you get anything called "Good |
| Times", DON'T read it or download it. It is a virus that will erase your |
| hard drive. Forward this to all your friends. It may help them a lot. |
---------------------------------------------------------------------------

Soon after the release of CIAC NOTES 04, another "Good
Times" message was circulated. This is the same message that is
being circulated during this recent "Good Times" rebirth. This
message includes a claim that the Federal Communications Commission
(FCC) released a warning about the danger of the "Good Times"
virus. This "Good Times" hoax message contains the following:

The FCC released a warning last Wednesday concerning a matter of
major importance to any regular user of the InterNet. Apparently,
a new computer virus has been engineered by a user of America
Online that is unparalleled in its destructive capability. Other,
more well-known viruses such as Stoned, Airwolf, and Michaelangelo
pale in comparison to the prospects of this newest creation by a
warped mentality.
What makes this virus so terrifying, said the FCC, is the fact
that no program needs to be exchanged for a new computer to be
infected.

... { stuff deleted } ...

CIAC contacted the FCC to ensure that this reference was fabricated
and that the "Good Times" is truly a hoax.

ADDITIONAL INFORMATION
======================
Having malicious code (malware) buried in the body of an E-mail
message that would "infect" your computer is not a very likely
possibility because characters in an E-mail message are displayed, not
executed. CIAC still affirms that reading E-mail, using typical mail
agents, will not activate malware delivered in or with the message.

Many people believe "in theory" that malware can be delivered and
activated by some mail agents that have automated services. An
example of such malware is mail delivered to a PC that has embedded,
seemingly invisible escape sequences which affect screen display or
program the keyboard to do some nastiness when some key is
"accidently" pressed. The following is an excerpt from CIAC NOTES
05 which included and update to the "Good Times" urban legend.

CIAC did not claim that E-mail could not be a delivery agent for
malware. A real threat comes from attached files which could
contain viruses or Trojan programs. You should scan any executable
attachment before executing it in the same way that you scan all new
software before using it. It is possible to create a file that
remaps keys when displayed on a PC/MS-DOS machine with the ANSI.SYS
driver loaded. However, this only works on PC/MS-DOS machines with
the text displayed on the screen in text mode. It would not work in
Windows or in most text editors or mailers. A key could be remapped
to produce any command sequence when pressed, for example DEL or
FORMAT. However, the command is not issued until the remapped key
is pressed and the command issued by the remapped key would be
visible on the screen. You could protect yourself by removing
ANSI.SYS from the CONFIG.SYS file, but many DOS programs use the
functionality of ANSI.SYS to control screen functions and colors.
Windows programs are not effected by ANSI.SYS, though a DOS program
running in Windows would be.

- - ------------------------------
Who is CIAC?

CIAC is the U.S. Department of Energy's Computer Incident Advisory
Capability. Established in 1989, shortly after the Internet Worm, CIAC
provides various computer security services free of charge to
employees and contractors of the DOE, such as:

. Incident Handling Consulting
. Computer Security Information
. On-site Workshops
. White-hat Audits

CIAC is located at Lawrence Livermore National Laboratory in
Livermore, California, and is a part of its Computer Security
Technology Center. Further information can be found at CIAC. CIAC is
also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster
cooperation and coordination among computer security teams
worldwide. See FIRST for more details.

- - ------------------------------
CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy. CIAC is located
at the Lawrence Livermore National Laboratory in Livermore, California.
CIAC is also a founding member of FIRST, the Forum of Incident Response
and Security Teams, a global organization established to foster cooperation
and coordination among computer security teams worldwide.

CIAC services are available to DOE and DOE contractors, and can be
contacted at:
Voice: 510-422-8193
FAX: 510-423-8002
STU-III: 510-423-2604
E-mail: ciac@-----.gov

For emergencies and off-hour assistance, DOE and DOE contractor sites may
contact CIAC 24-hours a day. During off hours (5PM - 8AM PST), call the
CIAC voice number 510-422-8193 and leave a message, or call 800-759-7243
(800-SKY-PAGE) to send a Sky Page. CIAC has two Sky Page PIN numbers, the
primary PIN number, 8550070, is for the CIAC duty person, and the secondary
PIN number, 8550074 is for the CIAC Project Leader.

Previous CIAC notices, anti-virus software, pgp public key, and other
information are available from the CIAC Computer Security Archive.

World Wide Web: http://ciac.llnl.gov/
Anonymous FTP: ciac.llnl.gov (128.115.19.53)
Modem access: (510) 423-4753 (14.4K baud)
(510) 423-3331 (9600 baud)

CIAC has several self-subscribing mailing lists for electronic publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical information
and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI)
software updates, new features, distribution and availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the use of
SPI products.

Our mailing lists are managed by a public domain software package called
ListProcessor, which ignores E-mail header subject lines. To subscribe
(add yourself) to one of our mailing lists, send the following request as
the E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE
or SPI-NOTES for list-name and valid information for LastName FirstName and
PhoneNumber when sending

E-mail to ciac-listproc@-----.gov:
subscribe list-name LastName, FirstName PhoneNumber
e.g., subscribe ciac-notes O'Hara, Scarlett W. 404-555-1212 x36

You will receive an acknowledgment containing address, initial PIN, and
information on how to change either of them, cancel your subscription, or
get help.

- - ---------------------------------------------------------------
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
- - ---------------------------------------------------------------

End of CIAC Notes Number 95-09 95_4_24

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBL5vARrnzJzdsy3QZAQFC6AQAoJAuWKKH/9RJ9zD0UZBN5Z2GFPim24NB
9rtxIxDXqX9zl8eEiAa5MmSTx/AVkRgPi6JFGHaUKxamfkSRoZJeeKEIb12ZUUnA
il8PIZex0Z9E6B6a4lMgapjmgYDYO0pLgY/MoRHts8+PHGl4WKGSLF2fi3nhnHpA
neePBpHe8DA=
=em+y
-----END PGP SIGNATURE-----
Attachment converted: msattler:SIGNED MESSAGE 21 (TEXT/MPGP) (00005589)

On Fri, 27 Oct 1995 dgresham@-----.org wrote:

>
> I received this at my job today. Be careful.
>
__
> Subject: Computer Virus
> Author: Administrator at LIONSHUB
> Date: 10/27/95 4:23 PM
>
>
> THIS WARNING WAS RECEIVED BY LIONS. ALTHOUGH WE ARE UNCERTAIN AS TO
> WHETHER OR NOT THIS IS A REAL VIRUS, WE ARE PASSING IT ON AS A SAFEGUARD
> TO OUR USERS WITH THE ADVISORY THAT ANY MESSAGES RECEIVED WITH THE SUBJEC
T
> "GOOD TIMES" SHOULD IMMEDIATELY BE DELETED.
>
> For your information, please read below.
>
> ----------------------------------------------------------------------
>
> PLEASE READ THIS CAREFULLY!
>
> There is a new computer virus that is being sent across the Internet.
> If you receive an email message with the subject line "Good Times", DO
> NOT read the message. DELETE it immediately. Please read the
> messages below.
>
> Some miscreant is sending email under the title "Good Times"
> nation-wide.
> If you get anything like this, DON't DOWNLOAD THE FILE! It has a
> virus that rewrites your hard drive, obliterating anything on it.
>
> Please be careful and forward this mail to anyone you care about.
> Thought you might like to know....
>
> The FCC released a warning last Wednesday concerning a matter of major
> importance to any regular user of the Internet. Apparently, a new
> computer virus has been engineered by a user of America Online that is
> unparalleled in its destructive capability. Other, more well-known
> viruses such as Stoned, Airwolf, and Michaelangelo pale in comparison
> to the prospects of this newest creation by a warped mentality.
>
> What makes this virus so terrifying, said the FCC, is the fact that no
> program needs to be exchanged for a new computer to be infected. It
> can be spread through the existing email systems of the Internet.
> Once a computer is infected, one of several things can happen. If the
> computer contains a hard drive, that will most likely be destroyed.
> If the program is not stopped, the computer's processor will be placed
> in an nth-complexity infinite binary loop, which can severely damage
> the processor if left running that way too long.
>
> Unfortunately, most novice computer users will not realize what is
> happening until it is far too late.
>
> Luckily, there is one sure means of detecting what is now known as the
> Good Times" virus. It always travels to new computers the same way in
> a test email message with the subject line reading simply "Good
> Times".
>
> Avoiding the infection is easy once the file has been received - not
> reading it. The act of loading the file into the mail server's ASCII
> buffer causes the "Good Times" mainline program to initialize and
> execute.
> The program is highly intelligent - it will send copies of itself to
> everyone whose email address is contained in a received-mail file or a
> sent-mail file, if it can find one. It will then trash the computer it
> is
> running on.
>
> The bottom line here is - if you receive a file with the subject line
> "Good Times," delete it immediately! Do not read it! Rest assured
> that whoever's name was on the "From:" line was surely struck by the
> virus.
>
> Warn your friends and local system users of this newest threat to the
> Internet! It could save them alot of time and money.
>
> Please pass this on... especially to anyone you know that uses
> "America Online" regularly.
>
> ----------End of Original Message----------
>
>
>

    
     Copyright © Woodwind.Org, Inc. All Rights Reserved    Privacy Policy    Contact charette@woodwind.org