VIRUS HOAXES

This is part of an email message that I sent in response to a virus hoax .... Yes, the famous 'Good TImes' virus. At the end of this is "the final word on the 'Good Times' computer virus" - which is similar to the 'Penpal' virus.

The first part is completely serious. The information on the Good Times virus is a clever spoof that I thought people might enjoy. -Scott

VIRUS ATTACK INFORMATION:

One of the best Web sites for computer virus information is the Virus Bulletin at URL:

http://www.virusbtn.com/

The is a lot more information here than people can usually digest and a small database. Below is a list of incidence of viral attack and types of virus from October 1998 (the most recent for which I have posted data).

A very extensive virus database is at McAfee's site at URL:

http://www.mcafee.com/

Anti-virus software can be downloaded from a variety of sites on the Web. The best are listed at the Virus Bulletin site.

GOOD TIMES and PENPAL GREETINGS! VIRUS:

With regard to the message from "IBM", the virus has already struck your computer! The message itself is the virus. It accomplishes all of the purposes of a virus:

  1. self-replication (through more email messages)
  2. feeds off the computer (uses the resources of the computer to replicate
  3. wreaks mischief (worries people)
  4. is virulent (promises disaster, making it more likely that the message will continue to be spread).

It started in 1994 and hasn't died off yet. I'm sure whoever started it is having as good a laugh as any other virus developer. There is a virus that was created that has the name good times that was invented after the hoax was well underway, but it is not common.

PKZIP300/PKUNZIP300:

This is real. The most recent PKZIP is 2.04 so don't download one that purports to be the new one. When there is eventually a new one, download it from a site that you know is reliable.

HOW VIRUSES ARE SPREAD:

  1. executable files
  2. Word for Windows DOC files
  3. Excel files
  4. ActiveX applications used under Microsoft Internet Explorer Computer viruses (those that do damage to the system) cannot be spread by email except ***as attachments of the types listed above.*** Even then, viruses can be spread only if the information can be executed. (Since Word for Windows and Excel may embed macros that are executed, they have the ability to harbor code.) ActiveX can be downloaded unwittingly from the Internet if you use MS-Internet Explorer because they are executed in the machine. Netscape uses Java, which is written to operate in a virtual machine that is restrained from making itself resident in your machine, so there is nothing to far from Web pages viewed using Netscape. If you must use MS-Internet Explorer, have it warn you whenever an ActiveX application is to be loaded and if it is not a major site that you are familiar with, it might be best to refuse it.

WHAT IS THE SCARIEST VIRUS TODAY:

Probably, the one that I got in Australia on my laptop computer. Apparently, I transferred it from a Mac to my PC. None of the virus detecting programs could find it, and all of my original software was back in the U.S. I was planning to catch up on manuscript writing, but instead it took me about a month to get the computer operational again. It took my FATs (file allocation tables) and pointed them randomly causing the directory to forget where any of its files were. I suspect it was a virus activated by <CTRL><ALT><DELETE> resets that rewrote scandisk. When I encounted a "small glitch," I invoked scandisk which reported that FAT1 and FAT2 (its backup) did not agree and prompted me as to whether I wanted to correct the problem. Gullibly, I said yes and it took out about 2,500 files, leaving only about 30 datafiles untouched. No program files were untouched. I suspected it was "dead" and reloaded everything, which lasted about a day before doing the same thing. Ultimately, I used a program to write zeroes over the data in each sector. That seems to have killed it. I have "only a few" problems since.

What are the scariest characteristics? Stealth, multipartite, polymorphic virus that destroy the hard drive are the greatest threat. Fortunately, the most virulent are also less common. Hare Krisna is a famous one of this type from 1996. Just before the drive is destroyed there is a "Hare krshna, hare hare" message. This is self encrypting virus that changes sizes. Part of the virus moves to the boot record, infects memory and the rest is resident on other files as patched-on code. It attacks on August and September 22. It is hard to detect because it changes in form and size. (This made New York times and many newspapers, but few actual attacks were found.)

VIRUS ATTACK PREVALENCE TABLE FROM VIRUS BULLETIN AS OF JANUARY 1998:

These are the viruses that are most frequently detected at that time (there is a delay in reporting).

Virus NameTypeNumber of incidentsPercentage
Class Macro 160 24.0%
Laroux Macro 119 17.9%
Win95/CIH File 36 5.4%
Cap Macro 34 5.1%
Compat Macro 30 4.5%
Groov Macro 25 3.8%
Paix Macro 22 3.3%
Wazzu Macro 13 2.0%
Steroid Macro 11 1.7%
AntiEXE Boot 7 1.1%
Form Boot 7 1.1%
Jedi Macro 7 1.1%
Munch Macro 7 1.1%
Cartman Macro 6 0.9%
Marburg File 6 0.9%
NoNo Macro 6 0.9%
Npad Macro 6 0.9%
NYB Boot 6 0.9%
Appder Macro 5 0.8%
Concept Macro 5 0.8%
Extras Macro 5 0.8%
Niceday Macro 5 0.8%
Nottice Macro 5 0.8%
Parity_Boot Boot 5 0.8%
Ripper Boot 5 0.8%
Win95/Fono Multi-partite 5 0.8%
AntiCMOS Boot 4 0.6%
Chack Macro 4 0.6%
Cheval File 4 0.6%
Hark Macro 4 0.6%
MDMA Macro 4 0.6%
Showoff Macro 4 0.6%
CopyCap Macro 3 0.5%
DelCMOS Boot 3 0.5%
mIRC/Gerre File 3 0.5%
Sampo Boot 3 0.5%
Shiver Macro 3 0.5%
TWNO Macro 3 0.5%
Baph.1536 Multi-partite 2 0.3%
Bleah Boot 2 0.3%
Brenda Macro 2 0.3%
Diablo Boot 2 0.3%
Explosion File 2 0.3%
Int40 Boot 2 0.3%
Jumper Boot 2 0.3%
Komcon Macro 2 0.3%
Kompu Macro 2 0.3%
MTE.4167 File 2 0.3%
Nucleii File 2 0.3%
Stealth_Boot Boot 2 0.3%
Swlabs Macro 2 0.3%
Trout.6804 File 2 0.3%
Vp Macro 2 0.3%
WelcomB Boot 2 0.3%
AccessiV Macro 1 0.2%
Angelina Boot 1 0.2%
AntiMarc Macro 1 0.2%
Apparition.7035 File 1 0.2%
Cannibal.275 File 1 0.2%
Cebu Macro 1 0.2%
Cerebus File 1 0.2%
Demon Macro 1 0.2%
DMV Macro 1 0.2%
Dodgy Boot 1 0.2%
Enuns.1536 File 1 0.2%
Fehler Macro 1 0.2%
Filler Boot 1 0.2%
Generic_Boot2 Boot 1 0.2%
Goldfish Macro 1 0.2%
Hare Multi-partite 1 0.2%
Invader Multi-partite 1 0.2%
Junkie Multi-partite 1 0.2%
Killock Macro 1 0.2%
Leonor Macro 1 0.2%
Mercado Macro 1 0.2%
Moloch Boot 1 0.2%
Monika File 1 0.2%
Monkey Boot 1 0.2%
NightShade Macro 1 0.2%
NoInt Boot 1 0.2%
Pieck.4444 Multi-partite 1 0.2%
Proteced Macro 1 0.2%
Radyum File 1 0.2%
Raven Boot Boot 1 0.2%
SetMD Macro 1 0.2%
SillyC.1032 File 1 0.2%
Stoned.Stonehenge Boot 1 0.2%
Superhacker.1077 File 1 0.2%
TabeJ Macro 1 0.2%
Techno.1123 File 1 0.2%
Temple Macro 1 0.2%
TPVO.3783 Multi-partite 1 0.2%
VMPCK1 Macro 1 0.2%
V-Sign Boot 1 0.2%
Werewolf.1500 File 1 0.2%
Win95/Anxiety.1823 File 1 0.2%
Win95/Darkside File 1 0.2%
Wolleh Boot 1 0.2%

Table from January 1998

"Last word on the Good Times virus..."
...from a frustrated SysAdmin

Good Times will rewrite your hard drive. Not only that, it will scramble any disks that are even close to your computer. It will re-calibrate your refrigerator's thermostat so that all your ice cream melts. It will demagnetise the strips on all your credit cards, screw up the tracking on your VCR and use subspace field harmonics to scratch any CD's you try to play. It will give your ex-girlfriend your new phonenumber. It will mix Kool-Aid in your fishtank. It will drink all your beer and leave its socks out on the coffee table when there is company coming. It will put a dead kitten in the back pocket of your good suit pants and hide your car keys when you are late for work.

Good Times will make you fall in love with a penguin. It will give you nightmares about circus midgets. It will pour sugar in your gas tank and shave off both your eyebrows, while dating your current girlfriend behind your back and billing the dinner and hotel room to your Visa card Such is the power of Good Times: it reaches out beyond the grave to sully those things we hold most dear.

Good Times moves your car randomly around parking lots so that you can't find it. It will kick your dog. It will leave libidinous messages on your boss' voice mail in your voice! It is insidious and subtle, it is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.

Good Times will give you Dutch elm disease. It will make a batch of methamphetamine in your bathtub and then leave bacon cooking on the stove while it goes out to chase primary school students with your new snowblower.

Listen to me. Good Times does not exist. It can not do anything to you But I can. I am sending this message to everyone in the world. Tell your friends, tell your family. If anyone else sends me another email about this fake Good Time virus, I will turn hating them into a religion. I will do things to them that would make a horse's head in your bed look like Sunday brunch.

Your network manager (from the Net)"