Mailing List Archive

Mailing List: cavers

From: mblitch1@ta*.rr*.co* (Michael Blitch)
To: cavers@cavers.com
Subject: Re: Virus!
Date: Thu, 11 Feb 1999 03:58:08 GMT
For those who got the message with the HAPPY99.exe file here is some
information.

Here is the scoop:
Happy99 is a Win32 based Trojan program. When this program is executed
it will display some fireworks. Apart from the fireworks display this
program will do some other activity in the background without the user's
permission. In the background this program will create two files SKA.EXE
and SKA.DLL. It will alter WSOCK32.DLL to put its code into that file
and keep the original file as WSOCK32.SKA. It can not modify the
WSOCK32.DLL file if it is in use. In such a case this program will add
an entry to the Windows Registry to run SKA.EXE the next time the
computer is booted so that it can do these modifications. The size of
this trojan file is 10000 bytes.

You will not get infected by Happy99 merely by downloading the trojan
file. You will have to execute it to get infected.

The modified WSOCK32.DLL has routines to detect the email and newsgroup
postings made by the user. It will send a copy of the SKA.EXE file
renamed as happy99.exe to every user or newsgroup to whom the user
sends an email. Each recipient will get the email only once and the
trojan will not send repeat email to the same user. It will send a
separate email retaining the subject of the first email with the file as
an attachment. The trojan also maintains the file LISTE.SKA which
contains the list of all email addresses and newsgroups to which this
file has been sent. The unique function of this trojan is that it can
spread on its own.

Happy99 first appeared in January 1999 and it is reported to have
affected a lot of users.

Go to this web site to see everything there is to know about it. Skip
had no way of knowing about the infection, especially if it was in a
network.

http://www.centralcommand.com/happy/happy.html

Unfortunately this is not a stupid hoax like the "Good time virus",
"forward this e-mail to everyone so microsoft can cure cancer", or "W2
does something worthwhile".
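
A check for the file artifacts named in the message above, added here as an example and not part of the original post. The directory to inspect is supplied by the caller (the message does not say where the files are written), and the state labels and `make_sample` helper are hypothetical names chosen for this sketch.

```python
import os
import tempfile

DROPPER_SIZE = 10000  # size in bytes that the message gives for the trojan file

def check_happy99(directory):
    """Classify a directory by the Happy99 file names listed in the message."""
    # Windows file names are case-insensitive, so compare in lower case.
    entries = {n.lower(): os.path.join(directory, n) for n in os.listdir(directory)}
    report = {
        # name -> True when the file has the quoted 10000-byte size
        "droppers": {n: os.path.getsize(entries[n]) == DROPPER_SIZE
                     for n in ("ska.exe", "happy99.exe") if n in entries},
        "ska_dll": "ska.dll" in entries,
        "wsock32_backup": "wsock32.ska" in entries,   # original WSOCK32.DLL kept aside
        "recipient_list": "liste.ska" in entries,     # addresses already mailed
    }
    if report["wsock32_backup"]:
        # The backup only exists once WSOCK32.DLL has been altered.
        report["state"] = "wsock32-modified"
    elif "ska.exe" in report["droppers"] or report["ska_dll"]:
        # SKA files without a backup: the DLL was in use, change waits for reboot.
        report["state"] = "executed-modification-pending"
    elif report["droppers"]:
        # Only the attachment is on disk; downloading alone does not infect.
        report["state"] = "attachment-present-not-executed"
    else:
        report["state"] = "no-artifacts"
    return report

def make_sample(files):
    """Build a constructed sample directory from {file name: size in bytes}."""
    directory = tempfile.mkdtemp(prefix="happy99-sample-")
    for name, size in files.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(b"\0" * size)
    return directory

if __name__ == "__main__":
    # Constructed inputs (zero-filled files), not real samples.
    cases = {
        "saved attachment": {"HAPPY99.EXE": 10000},
        "run, DLL in use": {"SKA.EXE": 10000, "SKA.DLL": 8192},
        "fully installed": {"SKA.EXE": 10000, "SKA.DLL": 8192,
                            "WSOCK32.SKA": 66560, "LISTE.SKA": 512},
    }
    for label, files in cases.items():
        print(label, "->", check_happy99(make_sample(files))["state"])
```
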
