Home / Blogs

Remembering the Good Times

J.D. Falk

The most effective early email-borne viruses didn't need botnets. They didn't change your computer settings, or steal your login credentials. And they somehow convinced regular users to help them spread.

The first warnings about the Good Times virus began to appear in November of 1994, and by December the warnings were seen all over as people did what the warning said, and forwarded it to all their friends. There was another outbreak the following March, which quickly mutated to include a reference to a report from the Federal Communications Commission. After return in October, Good Times virus warnings became a part of the landscape which didn't fade away for years.

According to the primary Frequently Asked Questions document about Good Times, warnings were spread within AT&T, CitiBank, NBC, Hughes Aircraft, Microsoft, Texas Instruments, and many other large, technologically savvy companies. It was reported on news radio stations, and FAXed between branch offices.

The Good Times virus was said to spread via email messages with a subject of "Good Times" — which was also the subject line for many of the warnings. It would erase your hard drive, destroy all your files, fill your ASCII buffer, send copies of itself to every address in your saved mail files, and/or place your computer's processor "in an nth-complexity infinite binary loop."

"Its an opportunistic self-replicating email virus", explained professor Clay Shirky, "which tricks its host into replicating it, sometimes adding as many as 200,000 copies at a go. It works by finding hosts with defective parsing apparatus which prevents them from understanding that a piece of email which says there is an email virus and then asking them to remail the message to all their friends is the virus itself."

Yep. The warning was the virus.

The internet was first becoming available to the wider public in 1994; most university students and faculty had accounts on educational systems, and AOL and other formerly standalone proprietary online services had hooked in. Information services, including what eventually became the World Wide Web, were connecting people as never before.

Some of these people were worried. They knew they didn't understand how email worked, or how computers worked. But they also wanted to help each other — to learn, to stay safe, and just to share. So they forwarded the warning, and their friends forwarded it, and so forth.

All that the virus needed in order to get sent around the world over and over and over was a whole lot of gullible people who honestly thought they were being helpful.

If a virus's measure of success is how far it spreads, then the Good Times virus warning virus was the most successful virus of its day...and much of what made it so successful in the mid-1990s still holds true today. Just last week, Facebook users posted warnings for each other about a Christmas Tree virus which doesn't exist. Last year, misinformation about swine flu spread unbelievably quickly on Twitter, even with official sources posting hourly. And now, of course, any popular news headline quickly becomes the topic of black hat SEO trying to trick people into visiting malicious web sites. It has never been more important to stay aware, up to date...to confirm every claim, especially before installing new software you find on some unknown web site...to be just a bit more paranoid than really seems necessary.

As the Good Times warnings said: Happy Chanukah everyone, and be careful out there. Could you pass this along to your global mailing list as well?

(This article was originally published on Return Path's Received: blog.)

By J.D. Falk, Internet Standards and Governance. More blog posts from J.D. Falk can also be read here.

Related topics: Email, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

An Update on Port25 and the Future of PowerMTA - One Year Later​

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

V12 Group Sustains Customer Satisfaction by Deploying PowerMTA for Launchpad Platform

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

PowerMTA Now Offers Scheduled Delivery Control

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Reactivation Campaign: Shared vs. Dedicated IPs

To Where are Bounce Messages Sent?

An Open Source Perspective on Commercial MTAs

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Five Essential PowerMTA Configuration Tips

What's New With Port25's PowerMTA v4.5

Sponsored Topics


DNS Security

Sponsored by


Sponsored by


Sponsored by
Afilias - Mobile & Web Services


Sponsored by
Afilias - Mobile & Web Services