Home / Blogs

Remembering the Good Times

J.D. Falk

The most effective early email-borne viruses didn't need botnets. They didn't change your computer settings, or steal your login credentials. And they somehow convinced regular users to help them spread.

The first warnings about the Good Times virus began to appear in November of 1994, and by December the warnings were seen all over as people did what the warning said, and forwarded it to all their friends. There was another outbreak the following March, which quickly mutated to include a reference to a report from the Federal Communications Commission. After return in October, Good Times virus warnings became a part of the landscape which didn't fade away for years.

According to the primary Frequently Asked Questions document about Good Times, warnings were spread within AT&T, CitiBank, NBC, Hughes Aircraft, Microsoft, Texas Instruments, and many other large, technologically savvy companies. It was reported on news radio stations, and FAXed between branch offices.

The Good Times virus was said to spread via email messages with a subject of "Good Times" — which was also the subject line for many of the warnings. It would erase your hard drive, destroy all your files, fill your ASCII buffer, send copies of itself to every address in your saved mail files, and/or place your computer's processor "in an nth-complexity infinite binary loop."

"Its an opportunistic self-replicating email virus", explained professor Clay Shirky, "which tricks its host into replicating it, sometimes adding as many as 200,000 copies at a go. It works by finding hosts with defective parsing apparatus which prevents them from understanding that a piece of email which says there is an email virus and then asking them to remail the message to all their friends is the virus itself."

Yep. The warning was the virus.

The internet was first becoming available to the wider public in 1994; most university students and faculty had accounts on educational systems, and AOL and other formerly standalone proprietary online services had hooked in. Information services, including what eventually became the World Wide Web, were connecting people as never before.

Some of these people were worried. They knew they didn't understand how email worked, or how computers worked. But they also wanted to help each other — to learn, to stay safe, and just to share. So they forwarded the warning, and their friends forwarded it, and so forth.

All that the virus needed in order to get sent around the world over and over and over was a whole lot of gullible people who honestly thought they were being helpful.

If a virus's measure of success is how far it spreads, then the Good Times virus warning virus was the most successful virus of its day...and much of what made it so successful in the mid-1990s still holds true today. Just last week, Facebook users posted warnings for each other about a Christmas Tree virus which doesn't exist. Last year, misinformation about swine flu spread unbelievably quickly on Twitter, even with official sources posting hourly. And now, of course, any popular news headline quickly becomes the topic of black hat SEO trying to trick people into visiting malicious web sites. It has never been more important to stay aware, up to date...to confirm every claim, especially before installing new software you find on some unknown web site...to be just a bit more paranoid than really seems necessary.

As the Good Times warnings said: Happy Chanukah everyone, and be careful out there. Could you pass this along to your global mailing list as well?

(This article was originally published on Return Path's Received: blog.)

By J.D. Falk, Internet Standards and Governance. More blog posts from J.D. Falk can also be read here.

Related topics: Email, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

The Emotional Cost of Cybercrime

Why I Wrote 'Thinking Security'

Regulation and Reason

In Network Security Design, It's About the Users

RIPE 71 Meeting Report

Related News


Industry Updates – Sponsored Posts

To Where are Bounce Messages Sent?

An Open Source Perspective on Commercial MTAs

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Five Essential PowerMTA Configuration Tips

What's New With Port25's PowerMTA v4.5

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

New Feature in PowerMTA v4.5: IP Based Rate Limiting

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

Case Study: Emergency Response Systems Rely on Timely Messaging Through PowerMTA

Port25 Announces Next Major Release of Its Email Delivery Solution, PowerMTA

Introducing the Verisign DNS Firewall

Case Study: How PowerMTA Transparent Deliverability Metrics Paves Way for Email Service Provider

TLD Security, Spec 11 and Business Implications

Case Study: MailChimp Achieves Efficient Execution and Reliability with PowerMTA

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

Case Study: Emma Swaps Its SMTP Infrastructure for PowerMTA to Handle Growing Mail Volume

Sponsored Topics