Happy99

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Happy99
Happy99.PNG
Aliases Ska, I-Worm
Type Computer worm
Author(s) "Spanska"[1]
Port(s) used 25, 119[2][3]
Operating system(s) affected Windows 95/98/NT[4]
Filesize 10000 bytes

Happy99 (also known as Ska or I-Worm)[5] is a computer worm for Windows. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.

Significance[edit]

Happy99 was described by Paul Oldfield as "the first virus to spread rapidly by email".[6] In the Computer Security Handbook, Happy99 is referred to as "the first modern worm".[7] Happy99 also served as a template for the creation of ExploreZip, another self-spreading virus.[8]

Spread[edit]

The worm first appeared on 20 January 1999.[9] Media reports of the worm started coming in from the United States and Europe, in addition to numerous complaints on newsgroups from users that had become infected with the worm.[10] Asia Pulse reported 74 cases of the virus from Japan in February, and 181 cases were reported in March—a monthly record at the time.[11][12] On 3 March 1999, a Tokyo job company accidentally sent 4000 copies of the virus to 30 universities in Japan.[13]

Dan Schrader of Trend Micro said that Happy99 was the single most commonly reported virus in their system for the month of March.[14] A virus bulletin published in February 2000 reported that Happy99 caused reports of file-infecting malware to reach over 16% in April 1999.[15] Sophos listed Happy99 among the top ten viruses reported in the year of 1999.[16] Eric Chien, head of research at Symantec, reported that the worm was the second most reported virus in Europe for 2000.[17] Marius Van Oers, a researcher for Network Associates, referred to Happy99 as "a global problem", saying that it was one of the most commonly reported viruses in 1999.[18] When virus researcher Craig Schmugar posted a fix for the virus on his website, a million people downloaded it.[19]

Technical details[edit]

Also known as "Ska", the worm spreads through email attachments and usenet.[20][21][22] When executed, animated fireworks and a "Happy New Year" message are shown.[20][23] The worm modifies Winsock, a Windows communication library, to allow itself to spread.[20] The worm then attaches itself automatically to all subsequent emails and newsgroup posts sent by a user.[24] The worm modifies a registry key to automatically start itself when the computer is rebooted. In some cases, the program may cause several error messages to appear.[25]

The worm was written by a French virus writer known as "Spanska". Other than propagating itself, the worm does no further damage to an infected computer.[26][27] The worm typically uses port 25 to spread, but uses port 119 if port 25 is not available.[25] The executable of the worm is 10000 bytes in size; a list of spammed newsgroups and mail addresses is stored on the infected hard drive.[1][23] The worm will only spread if the Winsock library is not set to read-only.

See also[edit]

References[edit]

  1. ^ a b Bob Sullivan (27 January 1999). "Happy99.exe worm spreads on Net". ZDNet. 
  2. ^ Stephen Watkins; Gregg, Michael B. (2006). Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network. Syngress Publishing. pp. 407, 408. ISBN 1-59749-109-8. 
  3. ^ Davis, Peter (2002). Securing and controlling Cisco routers. Boca Raton: Auerbach Publications. pp. 621, 622. ISBN 0-8493-1290-6. 
  4. ^ George Skarbek (16 March 1999). "Tech talk - Happy99 Virus". The Courier-Mail. 
  5. ^ Roger A. Grimes (2001). Malicious Mobile Code: Virus Protection for Windows. Sebastopol, CA: O'Reilly. p. 6. ISBN 1-56592-682-X. 
  6. ^ Paul Oldfield (2001). Computer viruses demystified. Aylesbury, Bucks: Sophos. p. 32. ISBN 0-9538336-0-7. 
  7. ^ Bosworth, Seymour; Kabay, Michel E. (2002). Computer security handbook. Chichester: John Wiley & Sons. p. 44. ISBN 0-471-26975-1. 
  8. ^ Rosie Lombardi (2 July 1999). "Microsoft's dominance plays a role". Computing Canada. 
  9. ^ Ellis, Juanita; Korper, Steffano (2001). The E-commerce book: building the E-empire. San Diego: Academic. p. 192. ISBN 0-12-421161-5. 
  10. ^ David Watts (16 February 1999). "Help Desk". The West Australian. 
  11. ^ "251 Cases of Computer Virus Damage Reported in Japan in Feb". Asia Pulse. 7 March 1999. 
  12. ^ Makoto Ushida (19 April 1999). "Cyberslice - Experts warn of lurking computer viruses". Asahi Shimbun. 
  13. ^ "Virus-tainted e-mail sent to 4,000". The Daily Yomiuri. 6 June 1999. 
  14. ^ Clint Swett; Eric Young (7 April 1999). "Tech Talk Column". The Sacramento Bee. 
  15. ^ "Virus Bulletin". Virus Bulletin Ltd. 2000. ISSN 0956-9979. 
  16. ^ "Old viruses live on". Adelaide Advertiser. 19 February 2000. 
  17. ^ "Virus variants put users at risk Users are at risk from new variants of popular viruses which can evade some antivirus protection". World Reporter TM. 6 March 2000. 
  18. ^ Deborah Scoblionkov (2 March 1999). "Bigfoot Users Get a Hotfoot". Wired. 
  19. ^ Jeffrey Kosseff (15 September 2003). "Virus-Hunters Scour Internet with 'Dirty' Computers". The Oregonian. 
  20. ^ a b c Chen, William W. L. (2005). Statistical methods in computer security. New York, N.Y: Marcel Dekker. p. 272. ISBN 0-8247-5939-7. 
  21. ^ Michael J. Isaac; Isaac, Debra S. (2003). The SSCP prep guide: mastering the seven key areas of system security. New York: Wiley. p. 0471273511. ISBN 0-471-27351-1. 
  22. ^ Roberta Fusaro (29 January 1999). "Internet worm can crash corporate servers". CNN. 
  23. ^ a b Rubin, Aviel D. (2001). White-hat security arsenal: tackling the threats. Boston: Addison-Wesley. p. 31. ISBN 0-201-71114-1. 
  24. ^ Carrie Kirby (22 December 2000). "Holiday E-Mail Gives Viruses An Opportunity". San Francisco Chronicle. 
  25. ^ a b Grover, Amit (August 2003). "Application Adaptive Bandwidth Management Using Real-Time Network Monitoring" (pdf). pp. 77–78. Retrieved 27 March 2009. 
  26. ^ Knittel, Brian; Cowart, Robert; Cowart, Bob (1999). Using MicroSoft Windows 2000 professional. Indianapolis, Ind: Que. p. 936. ISBN 0-7897-2125-2. 
  27. ^ Trefor Roscoe (2004). Rapid Reference to Computers: Rapid Reference Series. St. Louis: Mosby. p. 38. ISBN 0-7234-3357-7. 

External links[edit]