Subject: Info about Happy.99 Virus.
To: None <port-vax@netbsd.org>
From: Anders Hogrelius SdU <elt96ahs@mds.mdh.se>
List: port-vax
Date: 04/17/1999 21:55:40
A bit off topic, but for those interrested, this is the info available
on www.sophos.com about the virus reported on the mailinglist.
Virus Name: W32/Ska-Happy99.
Aliases: None known.
Type: Windows 32 infector.
Resident: No.
Stealth: No.
Trigger: None.
Payload:
The virus hooks the 'send' function in wsock32.dll, so that all outgoing
mail will have a copy of the virus attached.
Comments:
This virus modifies wsock32.dll, so that when an email is sent, a second
message containing the virus is sent also. The virus will also drop
ska.exe and ska.dll. If you find the virus in ska.exe, ska.dll or
Happy99.exe, we recommend running SWEEP again in Full Mode to detect
changes in wsock32.dll.The virus also copies the original wsock32.dll to
wsock32.ska. It creates the file liste.ska which is a list of the mail
addresses to which Happy99.exe is sent. It uses liste.ska to ensure that
it mails Happy99.exe to each address only once.
/Anders
--
Microsoft is not the answer,
Microsoft is the question,
the answer is NO!
*******************************************************************
* Anders Hogrelius SdU Phone : +46 21 381860
* Tessingatan 12 E-mail: elt96ahs@mds.mdh.se
* 72216 Vasteras