[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Aquatic Plants Digest V3 #858



Hello Karen,
	Be aware that either APD #857 or #858 had the 'Happy99.exe' newsgroup 
virus attached to it when I received it, possibly you have been infected 
with it, would be worth a check for sure.
	Below is some info on the virus......

>>>>>>Happy99.exe worm spreads on Net<<<<<<<<<<

Expert says a familiar virus author is up to new tricks
                        By Bob Sullivan  MSNBC
Jan. 26

     A computer worm called Happy99.exe is making its way around the 
Internet, sending hundreds of copies of itself via e-mail attachments and 
newsgroup postings. According to Helsinki, Finland, data security firm Data 
Fellows Inc., the worm is currently in the wild in Europe and will likely 
spread very quickly to North America. It does not attempt to destroy files 
on infected machines, but it sends e-mails and newsgroup postings without 
the victim's knowledge and could cause network slowdowns or even crash 
corporate e-mail servers.

     THE WORM, SO-CALLED because it can replicate on its own, first 
surfaced a little over a week ago, and since then, hundreds of newsgroup 
posters have complained about the annoyance.  Like most computer pests, it 
arrives as an e-mail or newsgroup attachment and infects only users who run 
the attachment.

     Once they do, all victims see is a window with a fireworks display. 
But behind the scenes, the worm alters the host computer's winsock32.dll 
file, the computer's doorway to the Internet. Then, each time a user 
initiates e-mail or newsgroup activity, by either receiving or sending 
e-mail or posting to a newsgroup, Happy99 spams the newsgroup or e-mail 
recipient with copies of itself. Any type of activity on port 25 or 119 
will trigger spam activity, according to Dan Takata, senior software 
support engineer of Data Fellows.  It also keeps a list of the spammed 
e-mail addresses and newsgroups in a separate file called LISTE.SKA.

     Because the original version of winsock32.dll is preserved in backup 
form as WSOCK32.SKA, newsgroup posters say they've been able to restore 
their machines without much difficulty. Data Fellows has a patch that 
recognizes the worm.  It poses no risk to data, but can be more than a 
nuisance to network administrators.

     If you have 100 PCs and everyone is checking e-mail at 9 a.m. and this 
thing starts flying around, absolutely it can slow down a network, Takata 
said.  It can crash your e-mail server. I wouldn't be surprised if it did.

     Because the e-mail header contains "MOUT-MOUT Hybrid (c) Spanska 1999. 
 Takata speculated that the Happy99 author also wrote a series of viruses 
known as the spanska viruses  Those were first reported in September 1997 
and randomly displayed political messages, such as Remember those who died 
for Madrid.

Regards
G.McDonald