Date: Fri 12-Mar-1999
Date: Fri 12-Mar-1999
Publication: Bee
Author: KAAREN
Quick Words:
Internet-Info-Brand
Full Text:
INTERNET INFO FOR REAL PEOPLE: The Happy99.exe Worm
It's in the Wild!
When a nasty program (a virus or worm) is set loose in the computer
environment, the professionals characterize this as being "in the wild." The
latest incident is the widespread infection of careless Windows 95/98/NT users
with the Happy99.exe worm (a.k.a. W32/Ska).
Definitions
A virus is a program that infects computers and often destroys, corrupts or
renames files on a hard drive. Michelangelo, perhaps the most well-known
virus, received vast public attention in the early '90s, but did very little
actual damage. A worm is a program that spreads infection by executing
instructions to replicate itself on fresh systems (hosts).
Rarely are files destroyed. The most famous program in this genus was the
Robert Morris worm that brought the Internet to its knees in 1988.
Happy99.exe is a worm.
Could You Be Infected?
The increasing popularity of attaching files to e-mail contributes
significantly to the spread of Happy99.exe (H99). Netsters at 'highest risk'
use a browser e-mail reader, indiscriminately open e-mail attachments, have
not kept the virus checker updated or received e-mail from Bigfoot (free HTML
e-mail service similar to Hotmail or Yahoo!).
When H99 arrives, the recipient must open the attachment (often by clicking on
the paperclip icon) and watching a short fireworks display announcing "Happy
New Year 1999!!" Often modern day cyber-typhoid Marys spread H99 to
unsuspecting friends while sending one of the ubiquitous jokes that show up in
e-mail boxes across cyber-land.
Detection and Removal
If a user suspects the infection has spread to his PC, detection takes a few
keystrokes. Click Start> Find Files & Folders. Enter "ska" (without the
quotes) in the window. Click Find Now (Tip: make sure to search through all
your hard drives). If the file ska.exe appears on any drive, your computer
carries the worm. Delete the file immediately. For removal of all pieces of
the beast, complete instructions can be found at:
http://www.symantec.com/avcenter/venc/data/happy99.worm.html. The process
takes only a few minutes.
My Experience
I received a notice from Louise See in late February who forwarded a H99
warning from Erols (a large regional ISP). Erols estimated that 2 percent of
its e-mail was infected with the worm. Within a few days, I received e-mail
from a member of the ComputersForSeniors listserv. The body of the message was
empty. However the Happy99.exe worm arrived in text form. My Juno e-mail
account accepted the entire worm encased in a UUENCODE format cocoon - 13,582
bytes total. (Note: Juno does not accept binary attachments so Juno e-mailers
do not have to worry about infection). Wow! It was like receiving a large dead
moth that had been carefully pancaked in a musty tome. In order to convert it
back to a live worm, I would have had to UUDECODE file. The insidious nature
of this cyber-gift means that unscrupulous crackers could reverse engineer the
creature. Virulent strains of the innocuous template could evolve.
Scary!
Jerry DeOreo, listowner of ComputersForSeniors, quickly fired off a warning to
list members alerting everyone of the potential danger. He further suggested a
visit to an on-line site dedicated to virus scanning:
http://housecall.antivirus.com/explorer.html. Good advise for `at risk'
netsters.
Lots of Activity
Discussion of Happy99.exe permeates the Net in listservs and newsgroups
everywhere. Perhaps it speaks to the growing maturity of the Internet that
calm heads prevail when the problem is discussed. Hopefully, there will be
this same type of sober discussion should a more nasty strain appear.
URLs (Uniform Resource Locators) of interest:
http://www-swiss.ai.mit.edu/6805/articles/morris-worm.html
http://www.geocities.com/SiliconValley/Heights/3652/ska.htm
http://beta.nai.com/public/datafiles/valerts/vinfo/w32ska.asp
http://www.wired.com/news/news/technology/story/18208/html
(This is the 145th of a series of elementary articles designed for surfing the
Internet. Next, E-mail Headers is the subject on tap. Stay tuned. Until next
week, happy travels through cyberspace. Previous issues of Internet Info for
Real People can be found: http://www.thebee.com. Please e-mail comments and
suggestions to: rbrand@JUNO.com or editor@thebee.com.)