From Wikipedia, the free encyclopedia
AliasesSka, I-Worm
TypeComputer worm
Port(s) used25, 119[1][2]
Operating system(s) affectedWindows 95,
Windows 98,
Windows NT[3]
Filesize10,000 bytes

Happy99 (also termed Ska or I-Worm)[4] is a computer worm for Microsoft Windows. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.


Happy99 was described by Paul Oldfield as "the first virus to spread rapidly by email".[5] In the Computer Security Handbook, Happy99 is referred to as "the first modern worm".[6] Happy99 also served as a template for the creation of ExploreZip, another self-spreading virus.[7]


The worm first appeared on 20 January 1999.[8] Media reports of the worm started coming in from the United States and Europe, in addition to numerous complaints on newsgroups from users that had become infected with the worm.[9] Asia Pulse reported 74 cases of the virus from Japan in February, and 181 cases were reported in March—a monthly record at the time.[10][11] On 3 March 1999, a Tokyo job company accidentally sent 4000 copies of the virus to 30 universities in Japan.[12]

Dan Schrader of Trend Micro said that Happy99 was the single most commonly reported virus in their system for the month of March.[13] A virus bulletin published in February 2000 reported that Happy99 caused reports of file-infecting malware to reach over 16% in April 1999.[14] Sophos listed Happy99 among the top ten viruses reported in the year of 1999.[15] Eric Chien, head of research at Symantec, reported that the worm was the second most reported virus in Europe for 2000.[16] Marius Van Oers, a researcher for Network Associates, referred to Happy99 as "a global problem", saying that it was one of the most commonly reported viruses in 1999.[17] When virus researcher Craig Schmugar posted a fix for the virus on his website, a million people downloaded it.[18]

Technical details[edit]

The worm spreads through email attachments and usenet.[19][20][21] When executed, animated fireworks and a "Happy New Year" message display.[19][22] The worm modifies Winsock, a Windows communication library, to allow itself to spread.[19] The worm then attaches itself automatically to all subsequent emails and newsgroup posts sent by a user.[23] The worm modifies a registry key to automatically start itself when the computer is rebooted. In some cases, the program may cause several error messages to appear.[24]

The worm was written by a French virus writer known as "Spanska". Other than propagating itself, the worm does no further damage to an infected computer.[25][26] The worm typically uses port 25 to spread, but uses port 119 if port 25 is not available.[24] The executable of the worm is 10,000 bytes in size; a list of spammed newsgroups and mail addresses is stored on the infected hard drive.[22][27] The worm spreads only if the Winsock library is not set to read-only.

See also[edit]


  1. ^ Stephen Watkins; Gregg, Michael B. (2006). Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network. Syngress Publishing. pp. 407, 408. ISBN 1-59749-109-8.
  2. ^ Davis, Peter (2002). Securing and controlling Cisco routers. Boca Raton: Auerbach Publications. pp. 621, 622. ISBN 0-8493-1290-6.
  3. ^ George Skarbek (16 March 1999). "Tech talk - Happy99 Virus". The Courier-Mail.
  4. ^ Roger A. Grimes (2001). Malicious Mobile Code: Virus Protection for Windows. Sebastopol, CA: O'Reilly. pp. 6. ISBN 1-56592-682-X.
  5. ^ Paul Oldfield (2001). Computer viruses demystified. Aylesbury, Bucks: Sophos. p. 32. ISBN 0-9538336-0-7.
  6. ^ Bosworth, Seymour; Kabay, Michel E. (2002). Computer security handbook. Chichester: John Wiley & Sons. pp. 44. ISBN 0-471-26975-1.
  7. ^ Rosie Lombardi (2 July 1999). "Microsoft's dominance plays a role". Computing Canada.
  8. ^ Ellis, Juanita; Korper, Steffano (2001). The E-commerce book: building the E-empire. San Diego: Academic. pp. 192. ISBN 0-12-421161-5.
  9. ^ David Watts (16 February 1999). "Help Desk". The West Australian.
  10. ^ "251 Cases of Computer Virus Damage Reported in Japan in Feb". Asia Pulse. 7 March 1999.
  11. ^ Makoto Ushida (19 April 1999). "Cyberslice - Experts warn of lurking computer viruses". Asahi Shimbun.
  12. ^ "Virus-tainted e-mail sent to 4,000". The Daily Yomiuri. 6 June 1999.
  13. ^ Clint Swett; Eric Young (7 April 1999). "Tech Talk Column". The Sacramento Bee.
  14. ^ "Virus Bulletin". Virus Bulletin: The Authoritative International Publication on Computer Virus Prevention, Recognition, and Removal. Virus Bulletin Ltd. 2000. ISSN 0956-9979.
  15. ^ "Old viruses live on". Adelaide Advertiser. 19 February 2000.
  16. ^ "Virus variants put users at risk Users are at risk from new variants of popular viruses which can evade some antivirus protection". World Reporter TM. 6 March 2000.
  17. ^ Deborah Scoblionkov (2 March 1999). "Bigfoot Users Get a Hotfoot". Wired.
  18. ^ Jeffrey Kosseff (15 September 2003). "Virus-Hunters Scour Internet with 'Dirty' Computers". The Oregonian.
  19. ^ a b c Chen, William W. L. (2005). Statistical methods in computer security. New York, N.Y: Marcel Dekker. p. 272. ISBN 0-8247-5939-7.
  20. ^ Michael J. Isaac; Isaac, Debra S. (2003). The SSCP prep guide: mastering the seven key areas of system security. New York: Wiley. p. 0471273511. ISBN 0-471-27351-1.
  21. ^ Roberta Fusaro (29 January 1999). "Internet worm can crash corporate servers". CNN.
  22. ^ a b Rubin, Aviel D. (2001). White-hat security arsenal: tackling the threats. Boston: Addison-Wesley. pp. 31. ISBN 0-201-71114-1.
  23. ^ Carrie Kirby (22 December 2000). "Holiday E-Mail Gives Viruses An Opportunity". San Francisco Chronicle.
  24. ^ a b Grover, Amit (August 2003). "Application Adaptive Bandwidth Management Using Real-Time Network Monitoring" (PDF): 77–78. Archived from the original (PDF) on 14 September 2006. Retrieved 27 March 2009. {{cite journal}}: Cite journal requires |journal= (help)
  25. ^ Knittel, Brian; Cowart, Robert; Cowart, Bob (1999). Using MicroSoft Windows 2000 professional. Indianapolis, Ind: Que. pp. 936. ISBN 0-7897-2125-2.
  26. ^ Trefor Roscoe (2004). Rapid Reference to Computers: Rapid Reference Series. St. Louis: Mosby. p. 38. ISBN 0-7234-3357-7.
  27. ^ Bob Sullivan (27 January 1999). "Happy99.exe worm spreads on Net". ZDNet.[permanent dead link]

External links[edit]