WARNING ! DONT RUN HAPPY99.EXE
Fraser, Colin J
Colin.Fraser at scottishpower.plc.uk
Mon May 24 18:18:22 CEST 1999
HAPPY99.EXE STARTED MAKING its way around the Internet about Jan.
20, sending hundreds of copies of itself via e-mail attachments and
newsgroup postings. According to Helsinki, Finland, data security firm Data
Fellows Inc., the worm does not attempt to destroy files on infected
machines, but it sends e-mails and newsgroup postings without the victim's
knowledge and could cause network slowdowns or even crash corporate e-mail
servers.
The worm, so designated because it can replicate on its own, arrives
as an e-mail or newsgroup attachment and infects only users who run the
attachment.
Once they do, all victims see is a window with a fireworks display.
But behind the scenes, the worm alters the host computer's winsock32.dll
file, the computer's doorway to the Internet. Then, each time a user
intiates e-mail or newsgroup activity, by either receiving or sending e-mail
or posting to a newsgroup, Happy99 spams the newsgroup or e-mail recipient
with copies of itself. Any type of activity on port 25 or 119 will trigger
spam activity, according to Takata, senior software support engineer of Data
Fellows.
Tom - I suspect you have a virus problem.
Colin f
More information about the Synth-diy
mailing list