ULEG0291

X-Sender: [...]
Date: Mon, 01 Mar 1999 09:41:09 +0100
To: Theo.Meder@meertens.knaw.nl
From: "E.Venbrux" [...]
Subject: virus-verhalen
Mime-Version: 1.0

Beste Theo,

voor je collectie - kreeg volgende toegestuurd:

>And now for something completely different:
>
>Open nooit een attachment met de naam "happy99.exe".
>
>Het schijnt deze keer echt geen flauwekul te zijn, en ik heb de volgende
>informatie gekregen van een discussion list waarop het probleem zich
>daadwerkelijk heeft voorgedaan:
>
>
>~~~~~~~~~~~~~~~~~~~~~~
>
>The first modern Internet Worm discovered in-the-wild
>
>This computer worm is a kind of virus programs that does not affect files to
>spread its copies, but just sends itself to the Internet as an attach in the
>e-mail messages. The worm had been posted by somebody (maybe by virus author)
>to several news servers, and on next day Kaspersky labs got the
>report that it was discovered In-The-Wild in Europe and continued spreading.
>We
>have no reports from USA and other countries yet.
>
>The worm arrives as an attach in the e-mails as a HAPPY99.EXE file. Note:the
>affected sender does know that the worm appends attaches on sending.
>
>When an infected attach is executed and gets control, the worm displays a
>funny
>firework in a program's window to hide its malicious nature. During that it
>installs itself into the system, hooks sendings to the Internet, converts its
>code to the attach and appends it to the messages. As a result
>the worm being installed into the system is able to spread its copies to all
>the address the messages are sent to.
>
>Removal and Protection
>
>If the worm is detected in your system you can easily get rid of it just by
>deleting SKA.EXE and SKA.DLL files in the system Windows directory. You also
>should delete the WSOCK32.DLL file and replace it with WSOCK32.SKA original
>file. The original HAPPY99.EXE file should be also located and deleted.
>
>To protect your computer from re-infection you need just to set Read-Only
>attribute for the WSOCK32.DLL file. The worm does not pay attention to
>Read-Only mode, and fails to patch the file. This trick was discovered by
>Peter
>Szor at DataFellows http://www.datafellows.com
>
>
Groetjes,
E.

BRUN 07405 - Viruses, `The Mystery Glitch', etc.    BRUN 07405 - Viruses, `The Mystery Glitch', etc.   

Een computer-virus, een zogenaamde Worm, verspreidt zich als attachment van email berichten, en infecteert zo andere computers.

Email-bericht Internet, ontvangen van Eric Venbrux (forward)

1 maart 1999

Viruses, "The Mystery Glitch" etc.

Windows    Windows   

HAPPY99.EXE    HAPPY99.EXE   

Internet    Internet   

Kaspersky labs    Kaspersky labs   

SKA.EXE    SKA.EXE   

SKA.DLL    SKA.DLL   

WSOCK32.DLL    WSOCK32.DLL   

WSOCK32.SKA    WSOCK32.SKA   

Peter Szor    Peter Szor   

DataFellows    DataFellows   

Worm    Worm   

Europa    Europa   

USA (VS    USA (VS   

Amerika)    Amerika)   

2013-03-01 14:46:20