This is a multi-part message in MIME format. --------------CE9F898258A5452B432A4BC0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Believe this Happy99 crashed our e-mail last week. We have anti-virus on all the time but did not update either. It took us a while (and help from Gateway) to get back our mail. Do be alert! --------------CE9F898258A5452B432A4BC0 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Received: by juice.wwnet.net (mbox krstnwallace) (with Cubic Circle's cucipop (v1.31 1998/05/13) Tue Feb 9 23:13:00 1999) X-From_: NYC-ROOTS-L-request@rootsweb.com Tue Feb 9 22:21:32 1999 Return-Path: <NYC-ROOTS-L-request@rootsweb.com> Received: from bl-14.rootsweb.com (bl-14.rootsweb.com [204.212.38.30]) by slice.wwnet.net (8.8.8/8.8.7) with ESMTP id WAA23884 for <krstnwallace@wwnet.com>; Tue, 9 Feb 1999 22:21:32 -0500 Received: (from slist@localhost) by bl-14.rootsweb.com (8.8.5/8.8.5) id TAA00236; Tue, 9 Feb 1999 19:03:55 -0800 (PST) Resent-Date: Tue, 9 Feb 1999 19:03:55 -0800 (PST) Message-Id: <4.1.19990209214712.00c14d90@mailhost.gso.infi.net> X-Sender: cwsulliv@mailhost.gso.infi.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 09 Feb 1999 21:56:45 -0600 Old-To: NYC-ROOTS-L@rootsweb.com From: Charles Sullivan <cwsulliv@nr.infi.net> Subject: Re: [NYC] Re: virus advisory (fwd) In-Reply-To: <3.0.32.19990209194916.006b5314@pop01.ny.us.ibm.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Resent-Message-ID: <"ChhfTD.A.ZD.YcPw2"@bl-14.rootsweb.com> To: NYC-ROOTS-L@rootsweb.com Resent-From: NYC-ROOTS-L@rootsweb.com X-Mailing-List: <NYC-ROOTS-L@rootsweb.com> archive/latest/13171 X-Loop: NYC-ROOTS-L@rootsweb.com Precedence: list Resent-Sender: NYC-ROOTS-L-request@rootsweb.com X-Mozilla-Status2: 00000000 The trouble is that these viruses can spread so fast that the anti-virus software can't keep up with it. A person on one mailing list sent me a copy of this happy99.exe. I would never run such a thing (and my browser is set not to do it automatically) so no harm was done. But I tried checking it with McAfee's virus detector and got no response. Of course I hadn't updated the virus database in a while so the fault may be mine. Regards, Charles Sullivan "Jack O'Connor" <jackoc@ibm.net> wrote: >I assume, there I go again, that anyone using the net has some anti-virus >software running at all times. > > >Jack > >At 02:31 PM 2/9/99 -0800, Ed Nugent wrote: >>This appears like it may be real. For one thing it is of a file type that >>can carry a virus >> >>>X-Sender: kpratte@bit-net.com >>>Date: Tue, 09 Feb 1999 10:01:20 -0500 >>>To: James M Newcomb <jnewcomb@christa.unh.edu> >>>From: Ken Pratte <kpratte@bit-net.com> >>>Subject: Re: virus advisory (fwd) >>>Cc: Dad & Mom Newcomb <rnewc@bit-net.com>, >>> Ed Nugent <nugent_tree@geocities.com> >>> >>>This one is a real one.. We've been seeing the affects in some of the >>>newsgroups. >>> >>>- Ken >>> >>> >>>At 09:46 AM 2/9/99 , James M Newcomb wrote: >>>>---------- Forwarded message ---------- >>>>Date: Mon, 08 Feb 1999 11:49:02 -0500 >>>>From: Jessica Bolker <jbolker@cisunix.unh.edu> >>>>To: Zoology Dept Bulletin Board <zoologytails@lists.unh.edu> >>>>Subject: virus advisory >>>> >>>>So many warnings are bogus I hesitate to forward any, but this one seems >>>>legit -- at least according to IU computer services, who are pretty on the >>>>ball. >>>> >>>>> Computing Support is always available at >>>>> Computing Help Online >>>>> http://www.indiana.edu/~ucshelp >>>>> >>>>>Hello, >>>>> >>>>>This does not appear to be a hoax. See: >>>>> >>>>> http://www.datafellows.com/v-descs/ska.htm >>>>>> >>>>>> From: Peter W Bixby <pwb@hopper.unh.edu> >>>>>> To: ucshelp@indiana.edu >>>>>> Date: Fri, 5 Feb 1999 10:41:35 -0500 (EST) >>>>>> Subject: Incident # 328.110: == VIRUS WARNING ==read this one, please >>(fwd) >>>>>> I got this virus warning on a listserv. is it something to worry about, >>>>>> or is it a goodtimes variant? >>>>>> Peter Bixby >>>>>> pbixby@falstaff >>>>>> >>>>>> HAPPY99.EXE worm spreads on Net >>>>>> >>>>>> By Bob Sullivan MSNBC Jan. 26 _ >>>>>> A computer worm called Happy99.exe is making >>>>>> its way around the Internet, sending hundreds of copies of itself via >>>>>> e-mail attachments and newsgroup postings. According to Helsinki, >>>>>> Finland, data security firm Data Fellows Inc., the worm is currently >>>>>> in the wild in Europe and will likely spread very quickly to North >>>>>> America. It does not attempt to destroy files on infected machines, >>>>>> but it sends e-mails and newsgroup postings without the victim's >>>>>> knowledge and could cause network slowdowns or even crash corporate >>>>>> e-mail servers. >>>>>> >>>>>> THE WORM, SO-CALLED because it can replicate on its own, first >>>>>> surfaced a little over a week ago, and since then, hundreds of >>>>>> newsgroup posters have complained about the annoyance. Like most >>>>>> computer pests, it arrives as an e-mail or newsgroup attachment and >>>>>> infects only users who run the attachment. Once they do, all victims >>>>>> see is a window with a fireworks display. But behind the scenes, the >>>>>> worm alters the host computer's winsock32.dll file, the computer's >>>>>> doorway to the Internet. Then, each time a user intiates e-mail or >>>>>> newsgroup activity, by either receiving or sending e-mail or posting >>>>>> to a newsgroup, Happy99 spams the newsgroup or e-mail recipient with >>>>>> copies of itself. Any type of activity on port 25 or 119 will >>>>>> trigger spam activity, according to Dan Takata, senior software >>>>>> support engineer of Data Fellows. It also keeps a list of the spammed >>>>>> e-mail addresses and newsgroups in a separate file called LISTE.SKA. >>>>>> Because the original version of winsock32.dll is preserved in backup >>>>>> form as WSOCK32.SKA, newsgroup posters say they've been able to >>>>>> restore their machines without much difficulty. Data Fellows has a >>>>>> patch that recognizes the worm. It poses no risk to data, but can be >>>>>> more than a nuisance to network administrators. "If you have 100 PCs >>>>>> and everyone is checking e-mail at 9 a.m. and this thing starts >>>>>> flying around, absolutely it can slow down a network," Takata said. >>>>>> "It can crash your e-mail server. I wouldn't be surprised if it >>>>>> did." Because the e-mail header contains "MOUT-MOUT Hybrid (c) >>>>>> Spanska 1999." Takata speculated that the Happy99 author also wrote >>>>>> a series of viruses known as the spanska viruses (click here for a >>>>>> description). Those were first reported in September 1997 and >>>>>> randomly displayed political messages, such as, "Remember those who >>>>>> died for Madrid." >>>>>> >>>>>> OF COURSE, THE BEST WAY TO KEEP FREE OF THIS VIRUS IS NOT TO RUN THE >>>>>> HAPPY99.EXE FILE IF YOU COME ACROSS IT. >>>>>> >>>>>> Thank you, >>>>>> Computer Services Dept. >>>> >>> >>> >>> >>-- >>Ed Nugent May be reached at nugent_tree@geocities.com >>genealogy web: http://www.geocities.com/Heartland/Plains/8622 >>Photo web: http://www.jps.net/ednugent/index2.htm >> >>Need a book for school or just plain enjoyment >>Checkout my bookstore at >>http://members.tripod.com/~Ed_nugent/book-index.htm >> >> >>==== NYC-ROOTS Mailing List ==== >>GEN. RESOURCES ON THE 'NET - http://members.aol.com/johnf14246/internet.html >> >> >> > >Jack O'Connor > >http://www.familytreemaker.com/users/o/c/o/Jack-R-Oconnor/ >MURRAY, LYNCH, HIGGINS, BAXTER, HOGAN, DALY, McGUINNESS > > >==== NYC-ROOTS Mailing List ==== >USGENWEB - http://www.usgenweb.org/ ==== NYC-ROOTS Mailing List ==== List problems? Contact NYC-ROOTS listowner Carol C-H <cch@netdoor.com> --------------CE9F898258A5452B432A4BC0--