FW: Internet Worm

Libor Michalak pieris at sprint.ca
Fri Feb 19 08:54:39 PST 1999

I thought all should know about this and act accordingly at their


Subject: Internet Worm

This message is a warning to all users who have e-mail accounts at home,
and who receive e-mails with attachments. The specific attachment in
question is called "Happy99.exe".

Happy99.exe started making its way around the Internet about Jan. 20,
sending hundreds of copies of itself via e-mail attachments and
newsgroup postings. The worm does not attempt to destroy files on
infected machines, but it sends e-mails and newsgroup postings without
the victim's knowledge and could cause network slowdowns or even crash
corporate e-mail servers. The worm, so designated because it can
replicate on its own, arrives as an e-mail or newsgroup attachment and
infects only users who run the attachment.

Once they do, all victims see is a window with a fireworks display. But
behind the scenes, the worm alters the host computer's winsock32.dll
file, the computer's doorway to the Internet. Then, each time a user
initiates e-mail or newsgroup activity, by either receiving or sending
e-mail or posting to a newsgroup, Happy99 spams (sends unsolicited mail
to) the newsgroup or e-mail recipient with copies of itself.

Because the original version of wsock32.dll is preserved in backup form
as WSOCK32.SKA, newsgroup posters say they've been able to restore their
machines without much difficulty. Infected users can go to


for full instructions on how to remove the worm from their systems.

More information about the Tweeters mailing list