RED ALERT VIRUS WARNING RED ALERT VIRUS WARNING
Paul Mather
paul at GROMIT.DLIB.VT.EDU
Sat May 1 14:36:26 EDT 1999
On Sat, 1 May 1999 DASLUD at AOL.COM wrote:
=>if you are saying that the virus could have "sent itself" through shawn on
=>its own, w/o him having anything to do w/it,
Yes. When run, Happy99 infects WSOCK32.DLL in the WINDOWS\SYSTEM
directory. All Internet connectivity is handled by that DLL. When an
e-mail is sent by the user, Happy99 intervenes and also sends another
message with the same subject to the same user (or posts to the same
newsgroup), but the body of the message is a UUEncoded copy of Happy99
instead. If that user UUDecodes and successfully runs the resultant
file, his or her system will be infected, too.
So, the only thing Shawn did wrong was to get infected in the first
place (by running the attached EXE). He's not spreading around
Happy99---it's doing it itself.
BTW, as you've now gathered, it's not good form to forward manually
Happy99 onto other people. ;-)
Cheers,
Paul.
e-mail: paul at gromit.dlib.vt.edu
"I don't live today; maybe tomorrow..."
--- James Marshall Hendrix
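
Added example, not part of the original message: a defensive check for the pattern described above, where a second message with the same sender, recipient and subject carries a uuencoded executable as its body. The message fields, addresses, file names and payload bytes are constructed for illustration, and the "MZ" test is a simple heuristic for Windows executables.

```python
import binascii
import re

BEGIN = re.compile(r"^begin [0-7]{3,4} (\S+)$")

def extract_uu(body):
    """Return (filename, decoded bytes) of the first uuencoded block, or None."""
    lines = body.splitlines()
    for i, line in enumerate(lines):
        m = BEGIN.match(line)
        if not m:
            continue
        data = bytearray()
        for enc in lines[i + 1:]:
            if enc == "end":
                return m.group(1), bytes(data)
            try:
                data += binascii.a2b_uu(enc)
            except ValueError:  # malformed line: not a decodable attachment
                break
    return None

def find_shadow_messages(messages):
    """Flag repeats of sender/recipient/subject whose body decodes to an 'MZ' file."""
    seen, hits = set(), []
    for msg in messages:
        key = (msg["from"], msg["to"], msg["subject"])
        found = extract_uu(msg["body"])
        if key in seen and found and found[1][:2] == b"MZ":
            hits.append((msg["id"], found[0]))
        seen.add(key)
    return hits

def uu_body(name, payload):
    """Build a uuencoded body for the constructed sample data below."""
    rows = [binascii.b2a_uu(payload[i:i + 45]).decode().rstrip("\n")
            for i in range(0, len(payload), 45)]
    return "\n".join([f"begin 644 {name}"] + rows + ["`", "end"])

# Constructed sample traffic (addresses, subjects and payloads are made up).
A, L = "user@example.org", "list@example.org"
SAMPLE = [
    {"id": 1, "from": A, "to": L, "subject": "Tour dates", "body": "See you there."},
    {"id": 2, "from": A, "to": L, "subject": "Tour dates",
     "body": uu_body("sample.exe", b"MZ" + b"constructed bytes, not a program " * 3)},
    {"id": 3, "from": A, "to": L, "subject": "Setlist",
     "body": uu_body("notes.txt", b"plain text attachment")},
    {"id": 4, "from": A, "to": L, "subject": "Setlist", "body": "Typo fixed."},
]
```

Calling `find_shadow_messages(SAMPLE)` flags only message 2; the uuencoded text file and the plain follow-up with a repeated subject are left alone.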