Happy99
Happy99 is a computer worm for Windows. It first appeared in mid-January 1999, spreading through email and Usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.

Significance

Happy99 was described by Paul Oldfield as "the first virus to spread rapidly by email". In the Computer Security Handbook, Happy99 is referred to as "the first modern worm". Happy99 also served as a template for the creation of ExploreZip, another self-spreading virus.

Spread

The worm first appeared on 20 January 1999. Media reports of the worm started coming in from the United States and Europe, in addition to numerous complaints on newsgroups from users that had become infected with the worm. Asia Pulse reported 74 cases of the virus from Japan in February, and 181 cases were reported in March--a monthly record at the time. On 3 March 1999, a Tokyo job company accidentally sent 4000 copies of the virus to 30 universities in Japan.

Dan Schrader of Trend Micro said that Happy99 was the single most commonly reported virus in their system for the month of March. A virus bulletin published in February 2000 reported that Happy99 caused reports of file-infecting malware to reach over 16% in April of 1999. Sophos listed Happy99 among the top ten viruses reported in the year of 1999. Eric Chien, head of research at Symantec, reported that the worm was the second most reported virus in Europe for 2000. Marius Van Oers, a researcher for Network Associates, referred to Happy99 as "a global problem", saying that it was one of the most commonly reported viruses in 1999. When virus researcher Craig Schmugar posted a fix for the virus on his website, a million people downloaded it.

Technical details

Also known as "Ska", the worm spreads through email attachments and Usenet. When executed, animated fireworks and a "Happy New Year" message are shown. The worm modifies Winsock, a Windows communication library, to allow itself to spread. The worm then attaches itself automatically to all subsequent emails and newsgroup posts sent by a user. The worm modifies a registry key to automatically start itself when the computer is rebooted. In some cases, the program may cause several error messages to appear.

The worm was written by a French virus writer known as "Spanska". Other than propagating itself, the worm does no further damage to an infected computer. The worm typically uses port 25 to spread, but uses port 119 if port 25 is not available. The executable of the worm is 10000 bytes in size; a list of spammed newsgroups and mail addresses is stored on the infected hard drive. The worm will only spread if the Winsock library is not set to read-only.

See also

  • Timeline of notable computer viruses and worms
  • List of computer viruses
  • Spam
  • Malware


External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 