Folks,
I've seen far too many spurious/unnecessary virus warnings in
recent years. This one looks timely, and for real...
------- Forwarded Message Follows -------
From: Lee Fuller [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, February 02, 1999 8:52 PM
To: [EMAIL PROTECTED]
Subject: RE: HAPPY99.EXE VIRUS warning
Confirmed... and it is NOT detectable with either Norton or
McAfee.
Don't open it, folks.
Lee Fuller
Senior Systems Administrator
http://www.phoenixdata.com/
"We ARE the net."
> -----Original Message-----
> From: Hoffman, Joseph (CIT) [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 02, 1999 6:08 PM
> To: '[EMAIL PROTECTED]'
> Subject:
>
>
> FYI, Virus alert....I only hope I can prevent at least
> one from wasting their time...OT or not.
>
> Hope you have the latest virus signature.
>
> Joe Hoffman
> Mailto:[EMAIL PROTECTED]
> National Institutes of Health
> Center for Information Technology
> Computer Facilities Branch
> ==========================================================
>
> More info:
> http://beta.nai.com/public/datafiles/valerts/vinfo/w32ska.htm
>
> -----------------------------------------------------------------
> ---------------
>
> W32/Ska is a worm that was first posted to several newsgroups
> and has been
> reported to several of the AVERT Labs locations worldwide. When
> this worm is run
> it displays a message "Happy New Year 1999!!" and displays
> "fireworks" graphics.
> The posting on the newsgroups has lead to its propagation. It
> can also spread on
> its own, as it can attached itself to a mail message and be sent
> unknowingly by
> a user. Because of this attribute it is also considered to be a worm.
> AVERT cautions all users who may receive the attachment via email to
> simply delete the mail and the attachment.
>
> The worm infects a system via email delivery and arrives as an
> attachment called
> Happy99.EXE. It is sent unknowingly by a user. When the program is run
> it deploys its payload displaying fireworks on the users monitor.
>
> ==========================================================
> Users,
>
> Refer to my last warning mail; sending this in case users only
> read subject.
> The happy99.exe is a virus. More information follows:
>
> (From MSNBC Article: http://www.msnbc.com/news/235662.asp)
>
> <snip>
>
> Jan. 26 - A computer worm called Happy99.exe is making its way around
> the Internet, sending hundreds of copies of itself via e-mail
> attachments and newsgroup postings. According to Helsinki, Finland,
> data security firm Data Fellows Inc., the worm is currently in the wild
> in Europe and will likely spread very quickly to North America. It does
> not attempt to destroy files on infected machines, but it sends e-mails
> and newsgroup postings without the victim's knowledge and could cause
> network slowdowns or even crash corporate e-mail servers.
>
> [...]
>
> THE WORM, SO-CALLED because it can replicate on its own, first surfaced
> a little over a week ago, and since then, hundreds of newsgroup posters
> have complained about the annoyance.
> Like most computer pests, it arrives as an e-mail or newsgroup
> attachment and infects only users who run the attachment.
> Once they do, all victims see is a window with a
> fireworks display.
> But behind the scenes, the worm alters the host computer's
> winsock32.dll file, the computer's doorway to the Internet. Then, each
> time a user intiates e-mail or newsgroup activity, by either receiving
> or SENDING E-MAIL OR POSTING TO A NEWSGROUP (MY NOTE: E.G. THE CF-TALK
> LIST), Happy99 spams the newsgroup or e-mail recipient with copies of
> itself. Any type of activity on port 25 or 119 will trigger spam
> activity, according to Dan Takata, senior software support engineer of
> Data Fellows.
>
> </snip>
>
> HTH,
>
> -Dave
>
cheers,
peter
==================================================
Peter Hyde, SPIS Ltd, Christchurch, New Zealand
* TurboNote: http://TurboPress.com/tbnote.htm
-- small, FREE and very handy
* Print-to-Web automation http://TurboPress.com
* Web design, automation and hosting specialists
Find all the above and MORE at http://www.spis.co.nz
---------------------------------------------------------------------------
New Zealand Delphi Users group - Offtopic List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
