Happy99 | |
---|---|
Alias | Ska, I-Worm |
Type | Computer worm |
Authors | "Spanska" |
Technical details | |
Platform | Windows 95, Windows 98, Windows NT [1] |
Size | 10,000 bytes |
Ports used | 25, 119 [2] [3] |
Happy99 (also termed Ska or I-Worm) [4] is a computer worm for Microsoft Windows. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.
Happy99 was described by Paul Oldfield as "the first virus to spread rapidly by email". [5] In the Computer Security Handbook, Happy99 is referred to as "the first modern worm". [6] Happy99 also served as a template for the creation of ExploreZip, another self-spreading virus. [7]
The worm first appeared on 20 January 1999. [8] Media reports of the worm started coming in from the United States and Europe, in addition to numerous complaints on newsgroups from users that had become infected with the worm. [9] Asia Pulse reported 74 cases of the virus from Japan in February, and 181 cases were reported in March—a monthly record at the time. [10] [11] On 3 March 1999, a Tokyo job company accidentally sent 4000 copies of the virus to 30 universities in Japan. [12]
Dan Schrader of Trend Micro said that Happy99 was the single most commonly reported virus in their system for the month of March. [13] A virus bulletin published in February 2000 reported that Happy99 caused reports of file-infecting malware to reach over 16% in April 1999. [14] Sophos listed Happy99 among the top ten viruses reported in the year of 1999. [15] Eric Chien, head of research at Symantec, reported that the worm was the second most reported virus in Europe for 2000. [16] Marius Van Oers, a researcher for Network Associates, referred to Happy99 as "a global problem", saying that it was one of the most commonly reported viruses in 1999. [17] When virus researcher Craig Schmugar posted a fix for the virus on his website, a million people downloaded it. [18]
The worm spreads through email attachments and Usenet. [19] [20] [21] When executed, animated fireworks and a "Happy New Year" message display. [19] [22] The worm modifies Winsock, a Windows communication library, to allow itself to spread. [19] The worm then attaches itself automatically to all subsequent emails and newsgroup posts sent by a user. [23] The worm modifies a registry key to automatically start itself when the computer is rebooted. In some cases, the program may cause several error messages to appear. [24]
The worm was written by a French virus writer known as "Spanska". Other than propagating itself, the worm does no further damage to an infected computer. [25] [26] The worm typically uses port 25 to spread, but uses port 119 if port 25 is not available. [24] The executable of the worm is 10,000 bytes in size; a list of spammed newsgroups and mail addresses is stored on the infected hard drive. [22] [27] The worm spreads only if the Winsock library is not set to read-only.
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
In computing terminology, a macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application. Some applications, such as Microsoft Office, Excel, PowerPoint allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses; however, the macro virus' behavior can still be difficult to detect.
Klez is a computer worm that propagates via e-mail. It first appeared in October 2001 and was originated in China. A number of variants of the worm exist.
This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.
The Melissa virus is a mass-mailing macro virus released on or around March 26, 1999. It targets Microsoft Word and Outlook-based systems and created considerable network traffic. The virus infects computers via email; the email is titled "Important Message From," followed by the current username. Upon clicking the message, the body reads, "Here's that document you asked for. Don't show anyone else ;)." Attached is a Word document titled "list.doc," containing a list of pornographic sites and accompanying logins for each. It then mass-mails itself to the first fifty people in the user's contact list and disables multiple safeguard features on Microsoft Word and Microsoft Outlook.
Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.
ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that infected over ten million Windows personal computers on and after 5 May 2000. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". At the time, Windows computers often hid the latter file extension by default because it is an extension for a file type that Windows knows, leading unwitting users to think it was a normal text file. Opening the attachment activates the Visual Basic script. First, the worm inflicts damage on the local machine, overwriting random files, then, it copies itself to all addresses in the Windows Address Book used by Microsoft Outlook, allowing it to spread much faster than any other previous email worm.
Bolgimo is a Win32 computer worm, a self-replicating computer program similar to a computer virus, which propagates by attempting to exploit unpatched Windows computers vulnerable to the DCOM RPC Interface Buffer Overrun Vulnerability using TCP port 445 on a network. The worm was discovered on November 10, 2003, and targets Windows NT, 2000 and XP Operating Systems.
Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.
Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.
W32.Navidad is a mass-mailing worm program or virus, discovered in December 2000 that ran on Windows 95, Windows 98, Windows NT, and Windows 2000 systems. It was designed to spread through email clients such as Microsoft Outlook while masquerading as an executable electronic Christmas card. Infected computers can be identified by blue eye icons which appear in the Windows system tray.
RavMonE, also known as RJump, is a Trojan that opens a backdoor on computers running Microsoft Windows. Once a computer is infected, the virus allows unauthorized users to gain access to the computer's contents. This poses a security risk for the infected machine's user, as the attacker can steal personal information, and use the computer as an access point into an internal network.
Stration is a family of computer worms that can affect computers running Microsoft Windows, disabling security features and propagating itself to other computers via e-mail attachments. This family of worms is unusual in that new variants are being produced at an unprecedented rate, estimated to be up to one every 30 minutes at its peak, and downloaded from remote servers by infected machines to speed propagation. This makes detection and removal a particular challenge for anti-virus software vendors, because new signature files for each variant need to be issued to allow their software to detect them.
The Storm botnet or Storm worm botnet was a remotely controlled network of "zombie" computers that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems, and accounted for 8% of all malware on Microsoft Windows computers. It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.
A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.
Anna Kournikova was a computer virus that spread worldwide on the Internet in February 2001. The virus program was contained in an email attachment, purportedly an image of tennis player Anna Kournikova.
The Pikachu virus, also referred to as Pokey or the Pokémon virus, was a computer worm believed to be the first malware geared at children, due to its incorporation of Pikachu, a creature from the Pokémon media franchise. It was considered similar to the Love Bug, albeit slower in its spread and less dangerous.
Swen is a mass mailing computer worm written in C++. It sends an email which contains the installer for the virus, disguised as a Microsoft Windows update, although it also works on P2P filesharing networks, IRC and newsgroups' websites. It was first analyzed on September 18, 2003, however, it might have infected computers before then. It disables firewalls and antivirus programs.
Gruel, also referred to by F-Secure as Fakerr, was a worm first surfacing in 2003 targeting Microsoft Windows platforms such as Windows 9x, Windows ME, Windows 2000 and Windows XP. It spread via email and file sharing networks.
{{cite journal}}
: Cite journal requires |journal=
(help)