From steve wornham on Mon, 30 Mar 1998 on the [linuxprog] mailing list
I am not sure if this will help anyone but I recently came across it. (forwarded message below)
I hope that I'll be the only one to respond to this and I hope that no one, on any Linux mailing list, will forward this drivel anywhere!
This appears to be yet another variation of the "Good Times" virus hoax. Hopefully my response will help everyone. Please do NOT forward this message (or any message) to "everyone in your address book." Any mail that you receive that makes this plea should be viewed with extreme suspicion --- they are almost always hoaxes, spams, scams, or Ponzi schemes.
Most are illegal in many jurisdictions (internationally and domestically). Even the cases that aren't illegal are obvious abuses of our shared networking resources (bandwidth).
I won't dignify this particular hoax with an analysis. Suffice it to say that it doesn't specify platform, agent, mechanism, or effect (symptoms nor "payload").
For the record it is possible for e-mail to carry some forms of computer virus to some users. Any WinWord .DOC file can contain macro virus code --- and can be attached to any e-mail (via MIME). However, this "virus" is only "data" to the vast majority of Linux users. Even most Windows users won't be affected most of the time --- and all can protect themselves (simply configure your mail user agent to disable any "automatic document viewing" features, and disable the "auto-executing macros" of all your MS Office packages).
Lest you think that MS Windows is the only platform affected by malicious macros that can be embedded in documents --- consider that some versions of the venerable 'vi' and 'emacs' editors for Unix have historically contained similar features (modern implementations either lack them or have them disabled by default).
In any event some of us in the professional virus fighting community (*) consider these "Good Times" messages to be a "social virus" --- one that is transmitted via the gullibility and lapses in judgement by the human recipients. If you have ever forwarded copies of any such warning to anyone else then you have been a carrier of that virus.
- (I used to be a senior QA analyst at McAfee, before I was their senior Unix sysadmin --- one of my former roommates is still the head of their virus research department --- and I've been on the support team at Norton/Symantec where I was their lead online support rep and BBS SysOp).
Innoculate yourself! Don't perpetuate these hoaxes! When in doubt ask! (Ask one or two trusted associates). Don't do forward any message to "everyone in your address book." Most importantly, don't delete unread mail simply because you think it might contain such a virus. (*)
- (If you're really worried, use a simple, text viewer to look through the suspect message, or switch to an old fashioned mail reader that just reads mail (without all the auto-execution, dynamic content flim flam)).
Incidentally, document macro content isn't the only risk of running some of the modern mail user agents. A number of GUI, MIME enhanced, HTML extended MUA's will default to running JavaScript, or fetching and executing byte-compiled Java code. These should be disabled or limited to "trusted" domains and hosts wherever possible. When that's not possible --- use a different mail reader. Another, risk involves the automated fetching of HTML images. While there is no known mechanism for this to execute hostile code --- it is possible for the server containing such images to perform traffic analysis (finding out what IP address your mail gets forwarded to, and that sort of thing). This is a subtle risk which is more related to privacy than to "virus.'"
As a final note regarding the "Good Times" class of hoaxes --- if a virulent, cross-platform, e-mail transmitted, computer virus ever is created --- it is very unlikely that it would always relay with the same subject. If such a virus were created it almost certainly could not be detected by any feature of the message headers (there is no concievable reason to write such a program with any such constraint).
For those who like to follow links, here's some web info about "Good Times" and similar hoaxes:
- anti-Good Times virus page
- http://www-students.biola.edu/~dougw/GoodTimes/virus.html
- Good Times Virus Hoax FAQ (over 50K)
- http://users.aol.com/macfaq/goodtimes.html
http://www.public.usit.net/lesjones/goodtimes.html- CIAC Internet Hoaxes (about 48K)
- http://ciac.llnl.gov/ciac/CIACHoaxes.html
- Don't Spread that Hoax!
- http://www.nonprofit.net/hoax/hoax.html
- This one covers many other types of Internet and e-mail hoax.
- The AFU & Urban Legends Archive
- http://www.urbanlegends.com/
- The alt.folklore.urban-legends newsgroup home page
>> Hi all, >> This was forwarded to me. Please feel free to pass this along. >> Sherry >> >>======== Original Message ====== >> >> Please be careful!! >> If you receive an e-mail titled "WIN A Holiday" Do Not open it, it >> will erase everything on your hard drive. Forward this letter out >> to as many people as you can. This is a new, very malicious virus >> and not many people know about it. This information was >> announced yesterday morning from Microsoft, please share it with >> everyone in your address book. Also, do not open or even look at >> any mail that says "Returned or unable to Deliver" this virus will >> attach itself to your computer components and render them useless. >> AOL has said that this is a very dangerous virus and that there is >> NO remedy for it at this time.