RE: Aquatic Plants Digest V3 #858
Be aware that either APD #857 or #858 had the 'Happy99.exe' newsgroup
virus attached to it when I received it. Possibly you have been infected
with it; it would be worth a check for sure.
Below is some info on the virus......
>>>>>>Happy99.exe worm spreads on Net<<<<<<<<<<
Expert says a familiar virus author is up to new tricks
By Bob Sullivan MSNBC
A computer worm called Happy99.exe is making its way around the
Internet, sending hundreds of copies of itself via e-mail attachments and
newsgroup postings. According to Helsinki, Finland, data security firm Data
Fellows Inc., the worm is currently in the wild in Europe and will likely
spread very quickly to North America. It does not attempt to destroy files
on infected machines, but it sends e-mails and newsgroup postings without
the victim's knowledge and could cause network slowdowns or even crash
corporate e-mail servers.
THE WORM, SO-CALLED because it can replicate on its own, first
surfaced a little over a week ago, and since then, hundreds of newsgroup
posters have complained about the annoyance. Like most computer pests, it
arrives as an e-mail or newsgroup attachment and infects only users who run
Once they do, all victims see is a window with a fireworks display.
But behind the scenes, the worm alters the host computer's winsock32.dll
file, the computer's doorway to the Internet. Then, each time a user
initiates e-mail or newsgroup activity, by either receiving or sending
e-mail or posting to a newsgroup, Happy99 spams the newsgroup or e-mail
recipient with copies of itself. Any type of activity on port 25 or 119
will trigger spam activity, according to Dan Takata, senior software
support engineer of Data Fellows. It also keeps a list of the spammed
e-mail addresses and newsgroups in a separate file called LISTE.SKA.
Because the original version of winsock32.dll is preserved in backup
form as WSOCK32.SKA, newsgroup posters say they've been able to restore
their machines without much difficulty. Data Fellows has a patch that
recognizes the worm. It poses no risk to data, but can be more than a
nuisance to network administrators.
"If you have 100 PCs and everyone is checking e-mail at 9 a.m. and this
thing starts flying around, absolutely it can slow down a network," Takata
said. "It can crash your e-mail server. I wouldn't be surprised if it did."
Because the e-mail header contains "MOUT-MOUT Hybrid (c) Spanska 1999,"
Takata speculated that the Happy99 author also wrote a series of viruses
known as the Spanska viruses. Those were first reported in September 1997
and randomly displayed political messages, such as Remember those who died