Virus Hoaxes

Virus Hoaxes: AOL4Free, Deeyenda, Ghost, Good Times, Good Times Spoof, Irina, Make Money Fast, NaughtyRobot, PENPAL GREETINGS!, PKZ300


AOL4Free Virus Hoax

The AOL4Free Virus is a Hoax


Deeyenda Virus Hoax

The following "Deeyenda" virus warning is a hoax. The warnings are very similar to those for Good Times, stating that the FCC issued a warning about it, and that it is self-activating and can destroy the contents of a machine just by being downloaded. Users should note that the FCC does not and will not issue virus or Trojan warnings. It is not their job to do so. As of this date, there are no known viruses with the name Deeyenda in existence. For a virus to spread, it must be executed. Reading a mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. Here is what the message says:

             **********VIRUS ALERT**********

    VERY IMPORTANT INFORMATION, PLEASE READ!

    There is a computer virus that is being sent across the Internet.  If 
    you  receive an email message with the subject line "Deeyenda", DO NOT 
    read the message, DELETE it immediately!

    Some miscreant is sending email under the title "Deeyenda" nationwide, 
    if you get anything like this DON'T  DOWNLOAD THE FILE!  It has a virus 
    that rewrites your hard drive, obliterates anything on it.  Please be 
    careful and forward this e-mail to anyone you care about.

    Please read the message below.

    -----------

             FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET

    The Internet community has again been plagued by  another computer 
    virus.  This message is being spread throughout the Internet, including 
    USENET posting, EMAIL, and other Internet activities.  The reason for 
    all the attention is because of the nature of this virus and the 
    potential security risk it makes.  Instead of a destructive Trojan 
    virus (like most viruses!), this virus referred to as Deeyenda Maddick, 
    performs a comprehensive search on your computer, looking for valuable 
    information, such as email and login passwords, credit cards, personal 
    inf., etc.

    The Deeyenda virus also has the capability to stay memory resident 
    while running a host of applications and operation systems, such as 
    Windows 3.11 and Windows 95.  What this means to Internet users is that 
    when a login and password are send to the server, this virus can copy 
    this information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies).

    The reason for this warning is because the Deeyenda virus is virtually 
    undetectable.  Once attacked your computer will be unsecure.  Although 
    it can attack any O/S this virus is most likely to attack those users 
    viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet 
    Explorer 3.0+ which are running under Windows 95).  Researchers at 
    Princeton University have found this virus on a number of World Wide 
    Web pages and fear its spread.

    Please pass this on, for we must alert the general public at the 
    security risks.

Ghost.exe Warning

The Ghost.exe program was originally distributed as a free screen saver containing some advertising information for the author's company (Access Softek). The program opens a window that shows a Halloween background with ghosts flying around the screen. On any Friday the 13th, the program window title changes and the ghosts fly off the window and around the screen. Someone apparently got worried and sent a message indicating that this might be a Trojan. The warning grew until it said that Ghost.exe was a Trojan that would destroy your hard drive, and the developers got a lot of nasty phone calls (their names and phone numbers were in the About box of the program). A simple phone call to the number listed in the program would have stopped this warning from being sent out. The original ghost.exe program is just cute; it does not do anything damaging. Note that this does not mean that a copy of ghost.exe could not be infected with a virus that does do damage, so the normal antivirus procedure of scanning it before running it should be followed.


Good Times Virus Hoax

The "Good Times" virus warnings are a hoax. There is no virus by that name in existence today. These warnings have been circulating the Internet for years. The user community must become aware that it is unlikely that a virus can be constructed to behave in the manner ascribed in the "Good Times" virus warning.

CIAC first described the Good Times Hoax in CIAC NOTES 94-04c released in December 1994 and described it again in CIAC NOTES 95-09 in April 1995. More information is in the Good_Times FAQ (http://www-mcb.ucdavis.edu/info/virus.html) written by Les Jones.

The original "Good Times" message that was posted and circulated in November and December of 1994 contained the following warning:

     Here is some important information. Beware of a file called Goodtimes.
     Happy Chanukah everyone, and be careful out there. There is a virus on 
     America Online being sent by E-Mail. If you get anything called "Good Times", 
     DON'T read it or download it. It is a virus that will erase your hard drive. 
     Forward this to all your friends. It may help them a lot. 

Soon after the release of CIAC NOTES 04, another "Good Times" message was circulated. This is the same message that is being circulated during this recent "Good Times" rebirth. This message includes a claim that the Federal Communications Commission (FCC) released a warning about the danger of the "Good Times" virus, but the FCC did not and will not ever issue a virus warning. It is not their job to do so. See the FCC Public Notice 5036. The following is the expanded "Good Times" hoax message:

     The FCC released a warning last Wednesday concerning a matter of
     major importance to any regular user of the InterNet.  Apparently,
     a new computer virus has been engineered by a user of America
     Online that is unparalleled in its destructive capability.  Other,
     more well-known viruses such as Stoned, Airwolf, and Michaelangelo
     pale in comparison to the prospects of this newest creation by a
     warped mentality. 

     What makes this virus so terrifying, said the FCC, is the fact that
     no program needs to be exchanged for a new computer to be infected.
     It can be spread through the existing e-mail systems of the
     InterNet. Once a computer is infected, one of several things can
     happen.  If the computer contains a hard drive, that will most
     likely be destroyed. If the program is not stopped, the computer's
     processor will be placed in an nth-complexity infinite binary loop
     - which can severely damage the processor if left running that way
     too long.  Unfortunately, most novice computer users will not
     realize what is happening until it is far  too late. 

Good Times Spoof

The following is a spoof of the Good Times hoax.

READ THIS:

             Goodtimes will re-write your hard drive. Not only that, but
     it will scramble any disks that are even close to your computer. It
     will recalibrate your refrigerator's coolness setting so all your ice
     cream goes melty. It will demagnetize the strips on all your credit
     cards, screw up the tracking on your television and use subspace field
     harmonics to scratch any CD's you try to play.

             It will give your ex-girlfriend your new phone number. It
     will mix Kool-aid into your fishtank. It will drink all your beer and
     leave its socks out on the coffee table when there's company coming
     over. It will put a dead kitten in the back pocket of your good suit
     pants and hide your car keys when you are late for work.
 
             Goodtimes will make you fall in love with a penguin. It will
     give you nightmares about circus midgets. It will pour sugar in your
     gas tank and shave off both your eyebrows while dating your
     girlfriend behind your back and billing the dinner and hotel room to
     your Discover card.

              It will seduce your grandmother. It does not matter if she
     is dead, such is the power of Goodtimes, it reaches out beyond the
     grave to sully those things we hold most dear.
     
             It moves your car randomly around parking lots so you can't
     find it. It will kick your dog. It will leave libidinous messages on
     your boss's voice mail in your voice! It is insidious and subtle. It
     is dangerous and terrifying to behold. It is also a rather
     interesting shade of mauve.

             Goodtimes will give you Dutch Elm disease. It will leave the
     toilet seat up. It will make a batch of Methanphedime in your bathtub
     and then leave bacon cooking on the stove while it goes out to chase
     gradeschoolers with your new snowblower.

             Listen to me. Goodtimes does not exist.

             It cannot do anything to you. But I can. I am sending this
     message to everyone in the world. Tell your friends, tell your
     family. If anyone else sends me another E-mail about this fake
     Goodtimes Virus, I will turn hating them into a religion. I will do
     things to them that would make a horsehead in your bed look like
     Easter Sunday brunch. 

So there, take that Good Times.


Irina Virus Hoax

The "Irina" virus warnings are a hoax. The former head of an electronic publishing company circulated the warning to create publicity for a new interactive book by the same name. The publishing company has apologized for the publicity stunt that backfired and panicked Internet users worldwide. The original warning claimed to be from a Professor Edward Prideaux of the College of Slavic Studies in London; there is no such person or college. However, London's School of Slavonic and East European Studies has been inundated with calls. This poorly thought-out publicity stunt was highly irresponsible. For more information pertaining to this hoax, reference the UK Daily Telegraph at http://www.telegraph.co.uk. The original hoax message is as follows:

     FYI
     There is a computer virus that is being sent across the Internet.
     If you receive an e-mail message with the subject line "Irina", DONOT
     read the message. DELETE it immediately.
     Some miscreant is sending people files under the title "Irina". If
     you receive this mail or file, do not download it. It has a virus
     that rewrites your hard drive, obliterating anything on it. Please be
     careful and forward this mail to anyone you care about.
     ( Information received from the Professor Edward Prideaux, College of
     Slavonic Studies, London ).

Make Money Fast Hoax Warning

The Make Money Fast Warning Hoax appears to be similar to the PENPAL GREETINGS! Warning in that it is a hoax warning message that is attempting to kill an e-mail chain letter. While laudable in its intent, the hoax warning has caused as many problems as, or more problems than, the chain letter it is attempting to kill.


NaughtyRobot

Quite a few Web site administrators have received email messages that seem to be originating from the same machine hosting the Web site. The email headers are apparently being forged to hide the original sender of the message. The mail being received contains the following:

       Subject: security breached by NaughtyRobot
       This message was sent to you by NaughtyRobot, an Internet spider that
       crawls into your server through a tiny hole in the World Wide Web.

       NaughtyRobot exploits a security bug in HTTP and has visited your host
       system to collect personal, private, and sensitive information.

       It has captured your Email and physical addresses, as well as your phone
       and credit card numbers.  To protect yourself against the misuse of this
       information, do the following:

               1. alert your server SysOp,
               2. contact your local police,
               3. disconnect your telephone, and
               4. report your credit cards as lost.

       Act at once.  Remember: only YOU can prevent DATA fires.

       This has been a public service announcement from the makers of
       NaughtyRobot -- CarJacking its way onto the Information SuperHighway.

The NaughtyRobot email message appears to be a hoax. There is no indication that any of the problems described in the body have taken place on any machine.


PENPAL GREETINGS! Warning Hoax

The PENPAL GREETINGS! Hoax shown below appears to be an attempt to kill an e-mail chain letter by claiming that it is a self-starting Trojan that destroys your hard drive and then sends copies of itself to everyone whose address is in your mailbox. Reading an e-mail message does not run it, nor does it run any attachments, so this Trojan would have to be self-starting. Aside from the fact that a program cannot start itself, the Trojan would also have to know about every different kind of e-mail program to be able to forward copies of itself to other people. This warning is totally a hoax.

     FYI!

     Subject:  Virus Alert
     Importance:  High
     If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT 
     reading it.  Below is a little explanation of the message, and what it would 
     do to your PC if you were to read the message.  If you have any questions or 
     concerns please contact  SAF-IA Info Office on 697-5059.

     This is a warning for all internet users - there is a dangerous virus 
     propogating across the internet through an e-mail message entitled "PENPAL 
     GREETINGS!".  
     DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"
     This message appears to be a friendly letter asking you if you are 
     interested in a penpal, but by the time you read this letter, it is too late.  
     The "trojan horse" virus will have already infected the boot sector of your hard 
     drive, destroying all of the data present.  It is a self-replicating virus, 
     and once the message is read, it will AUTOMATICALLY forward itself to anyone 
     who's e-mail address is present in YOUR mailbox!
     This virus will DESTROY your hard drive, and holds the potential to DESTROY 
     the hard drive of anyone whose mail is in your inbox, and who's mail is in 
     their inbox, and so on.  If this virus remains unchecked, it has the potential 
     to do a great deal of DAMAGE to computer networks worldwide!!!!
     Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!
     And pass this message along to all of your friends and relatives, and the
     other readers of the newsgroups and mailing lists which you are on, so that 
     they are not hurt by this dangerous virus!!!!
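
The hoax warnings on this page (Deeyenda, Good Times, Irina, PENPAL GREETINGS!) share the traits the descriptions call out: infection merely by reading, an appeal to an authority such as the FCC, total destruction of the hard drive, and a plea to forward the message. The following triage sketch is an added example, not part of the original page; the regular expressions, the threshold and the "benign" sample are assumptions, and the other samples are short excerpts of messages quoted on this page.

```python
import re

# Traits the page attributes to hoax warnings; the regexes and threshold
# are this example's assumptions, not a published rule set.
HOAX_TRAITS = {
    "infects_on_read": re.compile(
        r"(do\s*not|don'?t|without)\s+read|once the message is read|"
        r"no program needs to be exchanged", re.I),
    "authority_claim": re.compile(
        r"\bFCC\b|information received from|researchers at", re.I),
    "forward_to_all": re.compile(
        r"\b(forward|pass)\s+(this|it)\b[^.!]*\b(to|on|along)\b", re.I),
    "total_destruction": re.compile(
        r"\b(erase|destroy|rewrites?|obliterat\w+)\b[^.!]*\bhard drive", re.I),
}
HOAX_THRESHOLD = 3  # assumed: three or more traits => treat as likely hoax


def hoax_traits(text):
    """Return the sorted names of hoax traits found in a warning message."""
    flat = " ".join(text.split())  # undo mail line wrapping before matching
    return sorted(name for name, rx in HOAX_TRAITS.items() if rx.search(flat))


def triage(text):
    """Classify a forwarded 'virus warning' for a helpdesk queue."""
    found = hoax_traits(text)
    verdict = "likely hoax" if len(found) >= HOAX_THRESHOLD else "needs review"
    return verdict, found


SAMPLES = {
    "deeyenda": "If you receive an email message with the subject line\n"
                "'Deeyenda', DO NOT read the message, DELETE it immediately!\n"
                "It has a virus that rewrites your hard drive. Please be\n"
                "careful and forward this e-mail to anyone you care about.\n"
                "FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET",
    "good_times": "If you get anything called 'Good Times', DON'T read it or\n"
                  "download it. It is a virus that will erase your hard\n"
                  "drive. Forward this to all your friends.",
    "pkz300": "A fake version of PKZIP is being distributed as PKZ300B.ZIP\n"
              "or PKZ300.ZIP. It is not an offical version from PKWARE and\n"
              "it will attempt to erase your hard drive if run.",
    "benign": "The mail gateway patch window is Saturday 02:00. "  # constructed
              "Please forward questions to the helpdesk.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, *triage(body))
```

The genuine PKZ300 warning matches only the destruction trait because it names a specific file that must be run, so it falls to "needs review" and should be checked against the vendor's own notice.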

PKZ300 Warning

The PKZ300 Trojan is a real Trojan program, but the initial warning about it was released over a year ago. For information pertaining to PKZ300 Trojan reference CIAC Notes issue 95-10, at http://ciac.llnl.gov/ciac/notes/Notes10.shtml that was released in June of 1995. The warning itself, on the other hand, is gaining urban legend status. There has been an extremely limited number of sightings of this Trojan and those appeared over a year ago. Even though the Trojan warning is real, the repeated circulation of the warning is a nuisance. Individuals who need the current release of PKZIP should visit the PKWare web page at http://www.pkware.com.

The following is the true warning about PKZ300 from the PKWare web site:

     !!! PKZIP Trojan Horse Version - (Originally Posted May 1995) !!!
     It has come to the attention of PKWARE that a fake version of PKZIP is being 
     distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an offical version from 
     PKWARE and it will attempt to erase your hard drive if run. It attempts to 
     perform a deletion of all the directories of your current drive. If you have 
     any information as to the creators of this trojan horse, PKWARE would be 
     extremely interested to hear from you. If you have any other questions about 
     this fake version, please e-mail [email protected]
