Re: Good Times virus



> Justin (jphealy at sysconn_com) wrote:
> I know this is not the forum for this, but I want to protect this newsgroup. 

[snip, Good Times virus description and life cycle]
> >>>Luckily, there is one sure
> >>>means of detecting what is now known as the "Good Times" virus. It
> >>>always travels to new computers the same way in a text email message
> >>>with the subject line reading "Good Times". Avoiding infection is easy
> >>>once the file has been received simply by NOT READING IT! The act of
> >>>loading the file into the mail server's ASCII buffer causes the "Good
> >>>Times" mainline program to initialize and execute.
> >>>
> >>>  George H. Bowers
> >>>  Vice President for Information Systems University of Maryland Medical
> >>>  System 410-328-2579  (fax)410-328-0572  gbowers at umms_itg_ab.umd.edu"

Thank you, Justin, for your concern.  I deal with computer security
issues, and there are many things that make me nervous.  Your decision to
be cautious is absolutely NOT out-of-line.

In this case, however, I think somebody is pulling your leg.

I'm amazed George H. Bowers would put his name on this...someone must
be pulling his leg too.  More likely, somebody hates Mr. Bowers and
forged his name.

The above virus is impossible.  E-mail text does not have any control over
anything, and the text editor does not execute this text.  You can't
transmit a virus this way.  Now, saving a virus-infected MIME attachment
to a message is possible, but you must manually do this and execute it.

Even if Mr. Bowers were referring to this MIME attachment, I cannot believe
a responsible authority would ever say, "...It always travels...with the
subject line reading 'Good Times'".  The subject is the easiest thing
to change, and in about two minutes I could write a program to generate
unique subject lines every time relating to plant genera.

Further, no responsible party should ever state, "Avoiding infection is
easy once the file has been received by simply NOT READING IT!"  Loading
the file into an ASCII buffer can't ever do anything.  If you already
received it, you can only make it active by executing it (if it is 
recognized by your operating system as an executable file, [*.bat, *.com,
*.exe, etc. on MS-DOS]), or if it is a special file that is loaded for
execution, like an "overlay" file.

The suggestion that it will hurt your processor by making it process
too much is a little silly.  A processor is built to process, and it
is built to do repetitive instruction sets.  I don't believe Mr. Bowers'
statement.

Of course, other things are free game:  you can write a program to
reset your monitor to resolutions it can't handle and blow it up (yes,
smoke, sparks and fires out of your $1,000 monitor), you can tell
your hard drive to bang its little heads into areas it shouldn't go,
and you can send commands to your motherboard that burn out your
CMOS settings and possibly damages the PROM.  However, (except maybe
the monitor), these are very specific programs attacking very specific
hardware vendors' very specific product line.  The hardware out there
is too diverse to be attacked generically.

There are many dangerous things out there, but I don't think Mr. Bowers
is describing one that exists in today's world.

As an aside, I have been studying computer virii for a while (Hey...some
people collect stamps and coins, I collect computer virii.  :-)  While
these are never accidental programs (every virus is written by some
irresponsible vandal), this mailing list may be very interested to know
the most successful computer virii _very_ closely mimic biological virii 
(for largely the same reasons).

--charley
cbay at jeppesen_com, cbay at verinet_com