Original Sender : "Mark" <[EMAIL PROTECTED]>
---------------------------------
> From: Tan, Bee Phing SHQ on behalf of Administrator SHQ
> Sent: Thursday, February 04, 1999 9:05 AM
> To: All Aiwa Singapore Users
> Cc: Lim, Boon Seng AEM; Kus, Kusyantoro AIS; Dadang Sudrajat, ADK
> Subject: Happy99.exe Virus!
>
> VIRUS ALERT
>
> Network Associates Advises E-mail and Newsgroup Users to Armor Up Against
> Trojan Horse Worm Outbreak
>
> Happy99.exe Fireworks Graphic Delivers More Than New Year Cheer
>
> SANTA CLARA, Calif., January 28, 1999 - To educate and inform the computer
> industry and its customers, the AVERT (Anti-Virus Emergency Response Team),
> a division of NAI Labs at Network Associates (Nasdaq:NETA), warns users to
> defend their computers from the virus, Happy99.exe.
>
>
> Symptoms
>
> Happy99.exe displays a window with exploding fireworks and the message
> "Happy New Year 1999!" The window appears on the computer monitor when a
> user runs the Happy99.exe attachment that is delivered with the e-mail.
>
> Pathology
>
> Happy99.exe, also known as W32/SKA or the Ska Virus, is a Trojan Horse that
> was first posted to newsgroups and has since propagated to infect users via
> e-mail. This Trojan Horse is also considered a Worm because it can spread
> itself by latching onto mail messages. In most cases a user sends
> Happy99.exe unknowingly with outgoing messages. This self-replicating
> ability led to the expedient outbreak of Happy99.exe, which has been
> reported to several of the AVERT Labs locations worldwide.
>
> It has been widely reported that when Happy99.exe runs its fireworks
> graphic, it modifies the Windows/System folder of a user's PC. If so, the
> process is as follows. The virus copies itself to the folder under the name
> SKA.EXE and then extracts a DLL from within itself to place in the folder.
> Happy99.exe then backs up and modifies the existing WSOCK32.DLL file. The
> modified WSOCK32.DLL file, WSOCK32.SKA, attaches the virus to a second copy
> of outgoing e-mail and newsgroup messages. The virus also keeps a list of
> message recipients in a file on the Windows/System folder.
>
> Happy99.exe does not deliver a known destructive payload, nor does it appear
> to pose a threat to data. It does, however, spam the unconsenting recipient
> and create covert parasitic activity on a system. It can also congest the
> network and strain the e-mail server. AVERT has not yet seen this behavior,
> but warns users of the Trojan's potential.
>
> Cure
>
> To ensure maximum security, it is recommended that users delete all files
> associated with Happy.exe to remove the virus from their systems. AVERT has
> developed Happy99.exe detection, which is available in Network Associates'
> McAfee VirusScan versions 3.X and above. Detection is also available for the
> Dr Solomon's Anti-Virus Tool Kit. The Happy99.exe detection utilities and
> detailed information about Happy.exe are available at Network Associates'
> Web site, www.nai.com <http://www.nai.com>.

----------------------------------------------------------------
Compu-Mania MailingList is provided by PT Centrin Utama
Maintained by  : [EMAIL PROTECTED]
To Post a msg  : Send mail to [EMAIL PROTECTED]
To Unsubscribe : Mail to [EMAIL PROTECTED]
                 BODY : unsubscribe Compu-Mania
For more information, send mail to [EMAIL PROTECTED] with "HELP"
in the BODY of your mail (without quote).
----------------------------------------------------------------
