Security Information  Week 5, 1999

A new worm has recently been reported in several places around the world. It is called Win32.Ska.A and is also known as HAPPY99.EXE and SKA.EXE.

The worm most often attacks a user when the user opens an e-mail attachment or downloads and runs a binary file from news groups. The sender of the e-mail is usually not aware that he/she is sending a worm.

When Win32.Ska.A is run, fireworks are displayed on the user's screen.

The worm copies itself to Windows' SYSTEM directory, modifies WSOCK32.DLL and changes Registry settings.

The final result is that when an attacked user sends e-mails and/or news group postings, the worm is attached to them.

Newer versions of Norman Virus Control detect the worm Win32.Ska.A.

Per Olav Førland