Goodtimes virus


The Goodtimes virus, also styled as Good Times virus, was a computer virus hoax that spread during the early years of the Internet's popularity. Warnings about a computer virus named "Good Times" began being passed around among Internet users in 1994. The Goodtimes virus was supposedly transmitted via an email bearing the subject header "Good Times" or "Goodtimes", hence the virus's name, and the warning recommended deleting any such email unread. The virus described in the warnings did not exist, but the warnings themselves were, in effect, virus-like. In 1997 the Cult of the Dead Cow hacker collective announced that they had been responsible for the perpetration of the "Good Times" virus hoax as an exercise to "prove the gullibility of self-proclaimed 'experts' on the Internet". [1]


History

The first recorded email warnings about the Good Times virus showed up on 15 November 1994. [2] The first message was brief, a simple five-sentence email with a Christmas greeting, advising recipients not to open email messages with the subject "GOOD TIMES!!", as doing so would "ruin" their files. Later messages became more intricate. The most common versions—the "Infinite loop" and "ASCII buffer" editions—were much longer, containing descriptions of what exactly Good Times would do to the computer of someone who opened it, as well as comparisons to other viruses of the time, and references to a U.S. Federal Communications Commission warning. The warning emails themselves usually contained the very subject line warned against.

Sample email

FYI, a file, going under the name "Good Times" is being sent to some Internet users who subscribe to on-line services (Compuserve, Prodigy and America On Line). If you should receive this file, do not download it! Delete it immediately. I understand that there is a virus included in that file, which if downloaded to your personal computer, will ruin all of your files.

Purported effects

The longer version of the Good Times warning contained descriptions of what Good Times was supposedly capable of doing to computers. In addition to sending itself to every email address in a recipient's received or sent mail, the Good Times virus supposedly caused a wide variety of other effects. For example, one version said that if an infected computer contained a hard drive, it could be destroyed. If Good Times was not stopped in time, an infected computer would enter an "nth-complexity infinite binary loop" (a meaningless term), damaging the processor. The "ASCII buffer" email described the mechanism of Good Times as a buffer overflow.

Hoaxes similar to Good Times

A number of computer virus hoaxes appeared after the Good Times hoax had begun to be widely shared. These messages were similar in form to Good Times, warning users not to open messages bearing particular subject lines. Subject lines mentioned in these emails include "Penpal greetings", [3] "Free Money", [4] "Deeyenda", [5] "Invitation", and "Win a Holiday".

The Bad Times computer virus warning is generally considered to be a spoof of the Good Times warning.

Viruses that function like Good Times

Later developments in mail systems such as Microsoft Outlook, made without sufficient thought for their security implications, made it possible for viruses to propagate themselves via email. Notable examples include the Melissa worm, the ILOVEYOU virus, and the Anna Kournikova virus. In some cases, a user must open a document or program contained in an email message in order to spread the virus; in others, notably the Kak worm, merely opening or previewing an email message itself will trigger the virus.

Some e-mail viruses written after the Good Times scare contained text announcing that "This virus is called 'Good Times'", presumably hoping to gain kudos amongst other virus writers by appearing to have created a worldwide scare. In general, virus researchers avoided naming these viruses as "Good Times", but an obvious potential for confusion exists, and some anti-virus tools may well detect a real virus they identify as "Good Times", though this will not be the cause of the original scare.

Spoofs

"Weird Al" Yankovic made a song parody of the virus titled "Virus Alert".

The Bad Times virus hoax was created years later.

Related Research Articles

Computer worm: Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Timeline of computer viruses and worms: Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

The Melissa virus is a mass-mailing macro virus released on or around March 26, 1999. It targets Microsoft Word and Outlook-based systems and created considerable network traffic. The virus infects computers via email; the email is titled "Important Message From," followed by the current username. Upon clicking the message, the body reads, "Here's that document you asked for. Don't show anyone else ;)." Attached is a Word document titled "list.doc," containing a list of pornographic sites and accompanying logins for each. It then mass-mails itself to the first fifty people in the user's contact list and disables multiple safeguard features on Microsoft Word and Microsoft Outlook.

Blaster (computer worm): 2003 Windows computer worm

Blaster was a computer worm that spread on computers running operating systems Windows XP and Windows 2000 during August 2003.

Mydoom: Self-replicating malware program that spread by email

Mydoom was a computer worm that targeted computers running Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever, exceeding previous records set by the Sobig worm and ILOVEYOU, a record which as of 2024 has yet to be surpassed.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that infected over ten million Windows personal computers on and after May 5, 2000. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". At the time, Windows computers often hid the latter file extension by default because it is an extension for a file type that Windows knows, leading unwitting users to think it was a normal text file. Opening the attachment activates the Visual Basic script. First, the worm inflicts damage on the local machine, overwriting random files; then it copies itself to all addresses in the Windows Address Book used by Microsoft Outlook, allowing it to spread much faster than any previous email worm.
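The hidden-extension deception described above can be checked for at a mail gateway. The following is an added example, not part of the original article: it parses a constructed message and flags attachments whose displayed name ends in a document-like extension while the real final extension is executable. The extension lists, addresses and message body are assumptions; only the subject line and attachment name come from the text.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Extensions Windows executes or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr", ".com", ".bat", ".pif"}
# Extensions a user reads as "just a document" (assumed decoy list).
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif"}

# Constructed sample message; bodies are placeholders, not real script content.
SAMPLE = """\
From: sender@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

constructed sample body
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

placeholder
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

plain notes
--b1--
"""

def displayed_name(filename):
    """Name the user sees when extensions for known file types are hidden."""
    return PurePosixPath(filename).stem

def flag_attachments(raw):
    """Return (real name, displayed name, real extension) for deceptive attachments."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment with a filename
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS:
            findings.append((name, displayed_name(name), suffixes[-1]))
    return findings
```
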

SULFNBK.EXE is an internal component of the Microsoft Windows operating system for restoring long file names.

Bad Times is a computer virus hoax sent out by e-mail. This "virus" does not actually exist, and the "warning" is meant to parody the alarmist message that spread the Goodtimes virus hoax.

Upering is a mass-mailing computer worm. It was isolated in Tacoma, Washington, in the United States, from several submissions from America Online members. As of late 2005, it is listed on the WildList, and has been since 2003.

Blackworm is an Internet worm discovered on January 20, 2006 that infects several versions of Microsoft Windows. It is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a, CME-24, and Kama Sutra.

Virus hoax: Message warning of a non-existent computer virus

A computer virus hoax is a message warning the recipients of a non-existent computer virus threat. The message is usually a chain e-mail that tells the recipients to forward it to everyone they know, but it can also be in the form of a pop-up window.

W32.Navidad is a mass-mailing worm program or virus, discovered in December 2000 that ran on Windows 95, Windows 98, Windows NT, and Windows 2000 systems. It was designed to spread through email clients such as Microsoft Outlook while masquerading as an executable electronic Christmas card. Infected computers can be identified by blue eye icons which appear in the Windows system tray.

Storm Worm: Backdoor Trojan horse found in Windows

The Storm Worm is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

Mylife (computer worm): Computer worm

MyLife, discovered by MessageLabs in 2002, is a computer worm that spreads itself by sending email to the addresses found in Microsoft Outlook's contacts list. Written in Visual Basic, it displays an image of a girl holding a flower while it attempts to delete files with certain filename extensions. It is named for a phrase appearing in the subject lines of the emails it sends. A variant, MyLife.B, also called the Bill Clinton worm, instead uses a subject line "bill caricature" and displays a cartoon image of Bill Clinton playing a saxophone. Many additional variants have been reported. When the infected file is run and the picture is closed, the worm runs its payload. MyLife checks the current time. If the minute value is 45 or higher, the worm searches the C:\ directory and deletes .SYS and .COM files, and does the same on D:\ drives.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

Happy99: Windows computer worm and early e-mail virus

Happy99 is a computer worm for Microsoft Windows. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.

The Pikachu virus, also referred to as Pokey or the Pokémon virus, was a computer worm believed to be the first malware geared at children, due to its incorporation of Pikachu, a creature from the Pokémon media franchise. It was considered similar to the Love Bug, albeit slower in its spread and less dangerous.

The jdbgmgr.exe virus hoax involved an e-mail spam in 2002 that advised computer users to delete a file named jdbgmgr.exe because it was a computer virus. jdbgmgr.exe, which had a little teddy bear like icon, was actually a valid Microsoft Windows file, the Debugger Registrar for Java.

References