Happy99
   HOME

TheInfoList



Click Here for Items Related To - Happy99
OR:
Happy99 on:   [Wikipedia]   [Google]   [Amazon]

Happy99 (also termed Ska or I-Worm) is a
computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It wil ...
for
Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.


Significance

Happy99 was described by Paul Oldfield as "the first virus to spread rapidly by email". In the ''Computer Security Handbook'', Happy99 is referred to as "the first modern worm". Happy99 also served as a template for the creation of
ExploreZip ExploreZip (also known as I-Worm.ZippedFiles) is a destructive computer worm that attacks machines running Microsoft Windows. It was first discovered in Israel on June 6, 1999. The worm contains a malicious payload, and utilizes Microsoft Outlook, ...
, another self-spreading virus.


Spread

The worm first appeared on 20 January 1999. Media reports of the worm started coming in from the United States and Europe, in addition to numerous complaints on newsgroups from users that had become infected with the worm. Asia Pulse reported 74 cases of the virus from Japan in February, and 181 cases were reported in March—a monthly record at the time. On 3 March 1999, a Tokyo job company accidentally sent 4000 copies of the virus to 30 universities in Japan. Dan Schrader of Trend Micro said that Happy99 was the single most commonly reported virus in their system for the month of March. A virus bulletin published in February 2000 reported that Happy99 caused reports of file-infecting
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
to reach over 16% in April 1999.
Sophos Sophos Group plc is a British based security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily ...
listed Happy99 among the top ten viruses reported in the year of 1999.
Eric Chien The given name Eric, Erich, Erikk, Erik, Erick, or Eirik is derived from the Old Norse name ''Eiríkr'' (or ''Eríkr'' in Old East Norse due to monophthongization). The first element, ''ei-'' may be derived from the older Proto-Norse ''* ...
, head of research at
Symantec Symantec may refer to: *An American consumer software company now known as Gen Digital Inc. *A brand of enterprise security software purchased by Broadcom Inc. Broadcom Inc. is an American designer, developer, manufacturer and global supplier ...
, reported that the worm was the second most reported virus in Europe for 2000. Marius Van Oers, a researcher for Network Associates, referred to Happy99 as "a global problem", saying that it was one of the most commonly reported viruses in 1999. When virus researcher Craig Schmugar posted a fix for the virus on his website, a million people downloaded it.


Technical details

The worm spreads through email attachments and Usenet. When executed, animated fireworks and a "Happy New Year" message display. The worm modifies Winsock, a Windows communication library, to allow itself to spread. The worm then attaches itself automatically to all subsequent emails and newsgroup posts sent by a user. The worm modifies a registry key to automatically start itself when the computer is rebooted. In some cases, the program may cause several error messages to appear. The worm was written by a French virus writer known as "Spanska". Other than propagating itself, the worm does no further damage to an infected computer. The worm typically uses port 25 to spread, but uses port 119 if port 25 is not available. The executable of the worm is 10,000 bytes in size; a list of spammed newsgroups and mail addresses is stored on the infected hard drive. The worm spreads only if the Winsock library is not set to read-only.


See also

*
List of computer worms See also *Timeline of notable computer viruses and worms *Comparison of computer viruses * List of trojan horses References {{DEFAULTSORT:List Of Computer Worms Computer worms Worms Worms may refer to: *Worm, an invertebrate animal w ...
* Timeline of computer viruses and worms *
Comparison of computer viruses The compilation of a unified list of computer viruses is made difficult because of naming. To aid the fight against computer viruses and other types of malicious software, many security advisory organizations and developers of anti-virus software ...
* E-mail spam *
Malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...


References


External links


CERT Incident Note IN-99-02

Viruslist - Email-Worm.Win32.Happy
{{Hacking in the 1990s Email worms Hacking in the 1990s Email Spamming