For more info on happy99 (AKA W32.SKA), check
http://beta.nai.com/public/datafiles/valerts/vinfo/w32ska.htm
Dave
-----Original Message-----
From: Michael H. Warfield [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 28, 1999 3:28 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: possible Goodtimes style fraud?????
David Lang enscribed thusly:
> I have seen mentions of a place to check the accuracy of this type of
> thing, but cannot find it. This sounds possible (unlike most of the alerts
> I get) can someone point me someplace to check on it?
http://www.msnbc.com/news/235662.asp
This one is real. I've been communicating with some chumps who
got burned by it. Unlike GoodTimes and their ilk, this is a self inflicted
injury. The mark has to execute the damn thing. One guy was appologising
to an entire mailing list he ended up spamming with it (a Linux list no
less) saying that he ran a virus scanner on it but the virus scanner
didn't find anything and so he ran the program. Doh! All it did (that he
saw) was shoot off a fireworks display. After that, any mail he sent out
also sent out a copy of happy99.exe to the same address....
BTW... It's scary to think about but with the latest in reference
URL templates for Word 97 and Excel 97 call function vulnerabilities, anyone
using a Windows based mail agent better think twice about "Good Times" type
warnings. Seems that Microsoft has given us the power to really create one!
Outlook can crank up excel or word on an E-Mail attachment automatically
and each now has identified vulnerabilities that allows hostile attachments
to execute macro code without warning the user (the Word templates bypass
the usual "do you want to run this macro" warnings from simple macros).
Anyone who can put together a VBA app can create one of these nasties!
Be glad the author of happy99.exe didn't bury the thing in a Word
template macro!
> David Lang
> ************************************************************
>
> TOP OF THE NEWS
>
> Internet worm can crash corporate servers
>
> A computer worm named Happy99.exe -- which replicates
> itself when users send infected E-mail to others or post
> to newsgroups -- can slow down or crash corporate E-mail
> servers.
> http://www.computerworld.com/home/news.nsf/CWFlash/9901273happy
> <http://www.computerworld.com/home/news.nsf/CWFlash/9901273happy>
>
-- End of PGP signed section.
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
