Home / Blogs

Remembering the Good Times

J.D. Falk

The most effective early email-borne viruses didn't need botnets. They didn't change your computer settings, or steal your login credentials. And they somehow convinced regular users to help them spread.

The first warnings about the Good Times virus began to appear in November of 1994, and by December the warnings were seen all over as people did what the warning said, and forwarded it to all their friends. There was another outbreak the following March, which quickly mutated to include a reference to a report from the Federal Communications Commission. After return in October, Good Times virus warnings became a part of the landscape which didn't fade away for years.

According to the primary Frequently Asked Questions document about Good Times, warnings were spread within AT&T, CitiBank, NBC, Hughes Aircraft, Microsoft, Texas Instruments, and many other large, technologically savvy companies. It was reported on news radio stations, and FAXed between branch offices.

The Good Times virus was said to spread via email messages with a subject of "Good Times" — which was also the subject line for many of the warnings. It would erase your hard drive, destroy all your files, fill your ASCII buffer, send copies of itself to every address in your saved mail files, and/or place your computer's processor "in an nth-complexity infinite binary loop."

"Its an opportunistic self-replicating email virus", explained professor Clay Shirky, "which tricks its host into replicating it, sometimes adding as many as 200,000 copies at a go. It works by finding hosts with defective parsing apparatus which prevents them from understanding that a piece of email which says there is an email virus and then asking them to remail the message to all their friends is the virus itself."

Yep. The warning was the virus.

The internet was first becoming available to the wider public in 1994; most university students and faculty had accounts on educational systems, and AOL and other formerly standalone proprietary online services had hooked in. Information services, including what eventually became the World Wide Web, were connecting people as never before.

Some of these people were worried. They knew they didn't understand how email worked, or how computers worked. But they also wanted to help each other — to learn, to stay safe, and just to share. So they forwarded the warning, and their friends forwarded it, and so forth.

All that the virus needed in order to get sent around the world over and over and over was a whole lot of gullible people who honestly thought they were being helpful.

If a virus's measure of success is how far it spreads, then the Good Times virus warning virus was the most successful virus of its day...and much of what made it so successful in the mid-1990s still holds true today. Just last week, Facebook users posted warnings for each other about a Christmas Tree virus which doesn't exist. Last year, misinformation about swine flu spread unbelievably quickly on Twitter, even with official sources posting hourly. And now, of course, any popular news headline quickly becomes the topic of black hat SEO trying to trick people into visiting malicious web sites. It has never been more important to stay aware, up to date...to confirm every claim, especially before installing new software you find on some unknown web site...to be just a bit more paranoid than really seems necessary.

As the Good Times warnings said: Happy Chanukah everyone, and be careful out there. Could you pass this along to your global mailing list as well?

(This article was originally published on Return Path's Received: blog.)

By J.D. Falk, Internet Standards and Governance. More blog posts from J.D. Falk can also be read here.

Related topics: Cybersecurity, Email, Malware


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services


Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Port25 Announces Release of PowerMTA V4.5r5

New Case Study: Jobtome.com Replaces 30 Postfix Servers with a Single PowerMTA

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year