The email users of January 1999 were an innocent bunch. Fresh from seeing “You’ve Got Mail” at the box office, they received emails with the attachment Happy99.exe and thought nothing about double-clicking. One rather lame “fireworks” display later, most of them—like this Baltimore Sun writer—were probably rather underwhelmed. Little did they know they had infected their PCs with one of the first email worms … and sent it along to everyone in their address books.
Happy99.exe was a Trojan horse that modified system files on Windows 95/98 and NT machines, according to this CERT Incident Report. Happy99 modified the WSOCK32.DLL file, necessary for internet connectivity. Once a machine was infected, any email sent or newsgroup posting would trigger a follow-up message to the recipient containing the executable. Essentially, any activity through ports 25 or 119 would result in spread of the worm.
Results of the Happy99 Worm
While annoying—and blamed for slowdowns on large corporate networks—the Happy99 worm was more of a nuisance than anything else. It didn’t cause irreparable damage to a user’s computer; it was relatively easy to remove; and it also generated a list of spammed email addresses and newsgroups in a file called LISTE.SKA.
Thanks to information contained in the headers of Happy99-generated emails, security experts speculate that the creator of Happy99 also created the 1997 Spanska viruses, which contained political messages such as “Remember those who died for Madrid.”
Photo: Brian A Jackson/Shutterstock.com
Tech Time Warp is a weekly feature that looks back at interesting moments and milestones in tech history.