Re: AOL Virus

I think the AOL Virus is a Hoax. See below

December 6, 1994

This advisory contains information about the "Good Times" virus
rumor, viruses and trojan horses in general.

THE "Good Times" VIRUS IS AN URBAN LEGEND.

In the early part of December, the Motorola Computer Emergency
Response Team (MCERT) started to receive information requests about
a supposed "virus" which could be contracted via America OnLine,
simply by reading a message. The following is the message that
MCERT received:

---------------------------------------------------------------------------
| Here is some important information. Beware of a file called Goodtimes. |
| |
| Happy Chanukah everyone, and be careful out there. There is a virus on |
| America Online being sent by E-Mail. If you get anything called "Good |
| Times", DON'T read it or download it. It is a virus that will erase your |
| hard drive. Forward this to all your friends. It may help them a lot. |
---------------------------------------------------------------------------

THIS IS A HOAX. Upon investigation, several computer emergency
response teams independently determined that the message originated
from both a user of America Online and a student at a university
at approximately the same time, and it was meant to be a hoax --
a false and malicious report.

MCERT has also seen other variations of this hoax, the main one is
that any electronic mail message with the subject line of "xxx-1"
will infect your computer.

This rumor has been spreading very widely. This spread is due
mainly to the fact that many people have seen a message with "Good
Times" in the header. They delete the message without reading it,
thus believing that they have saved themselves from being attacked.
These first-hand reports give a false sense of credibility to the
alert message.

There has been one confirmation of a person, outside of Motorola,
who received a message with "xxx-1" in the header, but an empty
message body. Then, (in a panic, because he had heard the alert),
he checked his PC for viruses (the first time he checked his machine
in months) and found a pre-existing virus on his machine. He
incorrectly came to the conclusion that the E-mail message gave
him the virus (this particular virus could NOT POSSIBLY have spread
via an E-mail message). This person then spread his alert.

If you encounter this message being distributed on any mailing
lists, simply ignore it or send a REPLY stating that this is a
false rumor.

As of this date, there are no known viruses which can infect merely
through reading a mail message. For a virus to spread some program
must be executed. Before executing a program for the first time,
it should be scanned using an approved and current anti-virus tool.
Some programs, known as trojan horses, appear to perform one
function, but may unexpectedly and deliberately cause damage upon
reaching some date or event. The way to avoid trojans is to know
that the program you are using is from a reputable source. Programs
that are found on public bulletin boards, or those sent as e-mail
attachments from people you do not know should not be executed.

As a reminder, brand new software, blank diskettes and even new
computers with pre-installed software may contain viruses. All
new software should be scanned for viruses prior to execution.
New viruses appear with some frequency. Anti-virus software should
be updated with the latest virus descriptions every 3-6 months.

****************************************

Much of this information was provided by the United States Department
of Energy response team in "CIAC Notes Number 94-04 94_12_06",
authored by Karyn Pichnarczyk.

----------------------------------------------------------------------------

Past advisories and other computer security related information are available
via anonymous FTP from 'ftp.mot.com' (129.188.137.106). They are located in
the directory pub/security. Advisories are also posted in the Motorola BBS
newsgroup 'mot.misc.security.announce'. The newsgroup 'mot.misc.security.misc'
has been established as a forum for discussion of security-related issues
within Motorola.

MCERT is a member of FIRST - the Forum of Incident Response and Security
Teams.

--
Bill Nelson, Webelos Den Leader
Eagles Patrol, Pack 878
Tempe District, Grand Canyon Council
Phoenix, Arizona USA  email: nelsonb@aztec.asu.edu

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message
• Previous message
• Maybe in reply to