|
|
The Answer Guy 28: "Good Times" Here Again? NOT!
"Linux Gazette...making Linux just a little more fun!"
 "Good Times" are Here
Again? NOT!
E-mail and Internet Hoaxes Exposed
From steve wornham on Mon, 30 Mar 1998 on the
[linuxprog]
mailing list
I am not sure if this will help anyone but I recently came across
it. (forwarded message below)
 I hope that I'll be the only one to
respond to this and I hope that
no one, on any Linux mailing list, will forward this drivel anywhere!
This appears to be yet another variation of the "Good Times" virus
hoax. Hopefully my response will help everyone. Please do NOT forward
this message (or any message) to "everyone in your address book."
Any mail that you receive that makes this plea should be viewed with
extreme suspicion --- they are almost always hoaxes, spams, scams, or
Ponzi schemes.
Most are illegal in many jurisdictions (internationally and
domestically). Even the cases that aren't illegal are obvious abuses
of our shared networking resources (bandwidth).
I won't dignify this particular hoax with an analysis. Suffice it
to say that it doesn't specify platform, agent, mechanism, or effect
(symptoms nor "payload").
For the record it is possible for e-mail to carry some forms of
computer virus to some users. Any WinWord .DOC file can contain
macro virus code --- and can be attached to any e-mail (via MIME).
However, this "virus" is only "data" to the vast majority of Linux
users. Even most Windows users won't be affected most of the time
--- and all can protect themselves (simply configure your mail user
agent to disable any "automatic document viewing" features, and
disable the "auto-executing macros" of all your MS Office packages).
Lest you think that MS Windows is the only platform affected by
malicious macros that can be embedded in documents --- consider that
some versions of the venerable 'vi' and 'emacs' editors
for Unix have
historically contained similar features (modern implementations
either lack them or have them disabled by default).
In any event some of us in the professional virus fighting community (*)
consider these "Good Times" messages to be a "social virus"
--- one
that is transmitted via the gullibility and lapses in judgement by the
human recipients. If you have ever forwarded copies of any such
warning to anyone else then you have been a carrier of that virus.
- (I used to be a senior QA analyst at McAfee, before I was
their senior Unix sysadmin --- one of my former roommates
is still the head of their virus research department ---
and I've been on the support team at Norton/Symantec where
I was their lead online support rep and BBS SysOp).
Innoculate yourself! Don't perpetuate these hoaxes! When in doubt
ask! (Ask one or two trusted associates).
Don't do forward
any message to "everyone in your address book." Most importantly,
don't delete unread mail simply because you think it might contain
such a virus. (*)
- (If you're really worried, use a simple, text viewer to
look through the suspect message, or switch to an old
fashioned mail reader that just reads mail (without
all the auto-execution, dynamic content flim flam)).
Incidentally, document macro content isn't the only risk of running
some of the modern mail user agents. A number of GUI, MIME enhanced,
HTML extended MUA's will default to running JavaScript, or fetching
and executing byte-compiled Java code. These should be disabled
or limited to "trusted" domains and hosts wherever possible. When that's
not possible --- use a different mail reader. Another, risk involves
the automated fetching of HTML images. While there is no known mechanism
for this to execute hostile code --- it is possible for the server
containing such images to perform traffic analysis (finding out what
IP address your mail gets forwarded to, and that sort of thing). This is
a subtle risk which is more related to privacy than to "virus.'"
As a final note regarding the "Good Times" class of hoaxes --- if
a virulent, cross-platform, e-mail transmitted, computer virus
ever is created --- it is very unlikely that it would always relay with
the same subject. If such a virus were created it almost certainly
could not be detected by any feature of the message headers (there is no
concievable reason to write such a program with any such constraint).
For those who like to follow links, here's some web info about
"Good Times" and similar hoaxes:
- anti-Good Times virus page
- http://www-students.biola.edu/~dougw/GoodTimes/virus.html
- Good Times Virus Hoax FAQ (over 50K)
- http://users.aol.com/macfaq/goodtimes.html
http://www.public.usit.net/lesjones/goodtimes.html
- CIAC Internet Hoaxes (about 48K)
- http://ciac.llnl.gov/ciac/CIACHoaxes.html
- Don't Spread that Hoax!
- http://www.nonprofit.net/hoax/hoax.html
- This one covers many other types of Internet and
e-mail hoax.
- The AFU & Urban Legends Archive
- http://www.urbanlegends.com/
- The alt.folklore.urban-legends newsgroup home page
>> Hi all,
>> This was forwarded to me. Please feel free to pass this along.
>> Sherry
>>
>>======== Original Message ======
>>
>> Please be careful!!
>> If you receive an e-mail titled "WIN A Holiday" Do Not open it, it
>> will erase everything on your hard drive. Forward this letter out
>> to as many people as you can. This is a new, very malicious virus
>> and not many people know about it. This information was
>> announced yesterday morning from Microsoft, please share it with
>> everyone in your address book. Also, do not open or even look at
>> any mail that says "Returned or unable to Deliver" this virus will
>> attach itself to your computer components and render them useless.
>> AOL has said that this is a very dangerous virus and that there is
>> NO remedy for it at this time.
Copyright © 1998, James T. Dennis
Published in Linux Gazette Issue 28 May 1998
![[ Table Of Contents ]](../gx/indexnew.gif)
![[ Front Page ]](../gx/homenew.gif)
![[ Answer Guy Index ]](../gx/dennis/answernew.gif)
|
