Main text
From: "A & A" [...]
To: "Theo Meder" <Theo.Meder@Meertens.knaw.nl>
Subject: Fw: Warning: new virus "happy99".
Date: Thu, 11 Mar 1999 12:36:01 +0100
MIME-Version: 1.0
charset="iso-8859-1"
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Hi Theo,
Here is another one for The Mystery Glitch;
they keep getting more inventive, don't you think?!
Greetings from Anouk
-----Original message-----
From: [...]
To: 'Andor van Dijk' [...]
Date: Friday 5 March 1999 8:33
Subject: DS: Warning: new virus "happy99".
>
>
>----------
>From: [...]
>Sent: Friday 5 March 1999 7:45
>To: [...]
>Subject: Warning: new virus "happy99".
>
>I recently received this e-mail from America. Do read it through, it
>is definitely not a joke. Forward this warning to other users.
>
>Regards,
>Rob
>
>
>
>Dear friends,
>
>Below a little explanation about the Happy99-virus. Please note that if
>infected this virus will automatically spread whenever you send an email. So
>if you are infected and do not have an effective anti-virus program, but have
>to email to somebody please warn them not to open the happy99-attachment.
>Personally I think that people who invent these things are sick.
>
>Luckily there is some kind of medicine. At the website of McAfee a free
>trial-version of their virusscanner is available for download. Best use the
>deluxe 4.0 version, also available are diverse updates, so check the site
>frequently.
>
>http://www.mcafee.com
>
>Regards,
>
>Dennis Prosman
>
>
>W32/Ska (A.K.A. Happy99.exe)
>
>
>W32/Ska is a worm that was first posted to several newsgroups and has been
>reported to several of the AVERT Labs locations worldwide. When this worm is
>run it displays a message "Happy New Year 1999!!" and displays "fireworks"
>graphics. The posting on the newsgroups has led to its propagation. It can
>also spread on its own, as it can attach itself to a mail message and be
>sent unknowingly by a user. Because of this attribute it is also considered
>to be a worm.
>
>
>AVERT cautions all users who may receive the attachment via email to simply
>delete the mail and the attachment. The worm infects a system via email
>delivery and arrives as an attachment called Happy99.EXE. It is sent
>unknowingly by a user. When the program is run it deploys its payload
>displaying fireworks on the user's monitor.
>
>Note: At this time no destructive payload has been discovered.
>
>When the Happy.EXE is run it copies itself to Windows\System folder under
>the name SKA.EXE. It then extracts, from within itself, a DLL called SKA.DLL
>into the Windows\System folder if one does not already exist.
>
>Note: Though the SKA.EXE file is a copy of the original it does not run
>as the Happy.EXE file does, so it does not copy itself again, nor does it
>display the fireworks on the user's monitor.
>
>The worm then checks for the existence of WSOCK32.SKA in the Windows\System
>folder, if it does not exist and the file WSOCK32.DLL does exist, it
>copies the WSOCK32.DLL to WSOCK32.SKA.
>
>The worm then creates the registry entry -
>
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Ska.exe
>="Ska.exe"
>
>- which will execute SKA.EXE the next time the system is restarted. When
>this happens the worm patches WSOCK32.DLL and adds hooks to the exported
>functions EnumProtocolsW and WSAAsyncGetProtocolByName.
>
>The patched code calls two exported functions in SKA.DLL called mail and
>news, these functions allow the worm to attach itself to SMTP e-mail and
>also to any postings to newsgroups the user makes.
>
>AVERT has made detection for the worm available for all Network Associates
>VirusScan products. Please choose from the link below to download the product
>you need.
>
>
>
>
>
>Rob Westdorp
[...]
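
Added example, not part of the forwarded message or of AVERT's advisory: a Python triage of a copied Windows\System folder against the file and RunOnce artifacts the advisory names. The function names, stage labels and sample folder are assumptions made for illustration; treating a WSOCK32.DLL that differs from WSOCK32.SKA as modified follows from the copy-then-patch order described above and is only a hint, since the DLL can also change for unrelated reasons.

```python
import hashlib
from pathlib import Path

# File names and the RunOnce value name come from the advisory text above.
ARTIFACTS = ("SKA.EXE", "SKA.DLL", "WSOCK32.SKA")
RUNONCE_VALUE = "ska.exe"

def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(system_dir, runonce_values):
    """Classify a copied Windows\\System folder against the advisory's artifacts.

    system_dir: path to a mounted or copied Windows\\System folder.
    runonce_values: dict (value name -> data) exported from the RunOnce key.
    """
    # Windows names are case-insensitive, but the copy may sit on a
    # case-sensitive file system, so index entries by upper-cased name.
    files = {p.name.upper(): p for p in Path(system_dir).iterdir() if p.is_file()}
    found = [name for name in ARTIFACTS if name in files]
    pending = any(k.lower() == RUNONCE_VALUE for k in runonce_values)

    # WSOCK32.SKA is copied from WSOCK32.DLL before the restart-time patch,
    # so a difference means the DLL changed after that copy was taken.
    modified = None
    if "WSOCK32.SKA" in files and "WSOCK32.DLL" in files:
        modified = _sha256(files["WSOCK32.SKA"]) != _sha256(files["WSOCK32.DLL"])

    if not found and not pending:
        stage = "clean"
    elif modified:
        stage = "wsock32-modified"
    elif pending:
        stage = "dropped-awaiting-restart"
    else:
        stage = "artifacts-present"
    return {"stage": stage, "found": found, "runonce_pending": pending,
            "wsock32_differs_from_backup": modified}

def build_sample(root, patched):
    """Constructed sample folder with placeholder bytes (no real binaries)."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    (root / "Ska.exe").write_bytes(b"placeholder")
    (root / "ska.dll").write_bytes(b"placeholder")
    (root / "wsock32.ska").write_bytes(b"original wsock32")
    (root / "WSOCK32.DLL").write_bytes(b"hooked wsock32" if patched else b"original wsock32")
    return root
```
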
Subject
BRUN 07405 - Viruses, `The Mystery Glitch', etc.
Description
Source
Commentary
Other Names in Text
Dennis Prosman
McAfee
HAPPY99
AVERT
SKA.EXE
SKA.DLL
Windows
WSOCK32.SKA
WSOCK32.DLL
Location Names in Text
America
Rob Westdorp   
