Have you heard of the Happy Hour virus?


Friday afternoon fun

Vigilant Naked Security reader Betty Kann has alerted us to an online service that she felt security-conscious sysadmins ought to be made aware of.

We thought so too, but ended up on the horns of a "disclosurelemma."

That's where warning administrators in case their users access the service and thus trivialise computer security might cause users to access the service and thus trivialise computer security.

Created by an advertising agency in Boulder, Colorado, the website, called Happy Hour Virus, lets you deliberately simulate a security problem in order to leave work early.

"We expect this problem to peak on Friday afternoons," said David Ullard, the CYO of Boulder-based productivity and workplace security action group Boulder Online Regulators of Interactive Network Games. "This is a true cross-platform threat, with modules for Windows, Mac and Linux users, each accessible with just a single click from any major browser."

Ullard, whose research has revealed that the site uses a command-and-control protocol called HTTP over network port 80, warns that some firewalls already permit this sort of traffic by default.

HTTP over port 80 is used by hundreds, if not thousands, of American business users every year for online activities as diverse as finding recipes, making contact with people they didn't like at school but suddenly want to be friends with 23 years later, and looking up the latest dollar value of Bitcoins.

The work-avoidance simulations used by Happy Hour Virus are as follows.

Mac users can pretend their Mac has shut down unexpectedly, though we suspect many administrators will see through this ruse, because Macs don't get viruses and thus cannot actually crash at all:

Linux users get to simulate what happens when they accidentally mix the experimental open source kernel drivers for their oddball graphics card with the proprietary window manager support modules provided by the card vendor:

And Windows users get what actually turns out to be an anachronism - an old-school Blue Screen of Death in the wrong font:

With nearly 102.6% of IT administrators already having moved their entire business away from Windows XP onto Windows 8, months before Microsoft's official deadline, we're surprised that the Happy Hour Virus didn't go for a more modern look:

Administrators who want to have something to do while everyone else has ducked out early thanks to the Happy Hour virus may want to ask their Change Control Committee (those who aren't already in the pub, at any rate) for a ruling on the following:

  • Blocking outbound access to any port with an "8" in it.
  • Removing all web browsers except Lynx to prevent bogus graphics from appearing.
  • Sending out an email to all staff saying, "Do NOT UNDER ANY CIRCUMSTANCES visit the website called happyhourvirus.com."

Have a good weekend!

PS. Just in case, we'd better say it. Yes, this is a joke.

PPS. Macs can get viruses, though admittedly less commonly than Windows computers, so you may as well try our free Sophos Anti-Virus for Mac Home Edition.


14 Responses to Have you heard of the Happy Hour virus?

  1. xorinzor · 686 days ago

    "Removing all web browsers except Lynx to prevent bogus graphics from appearing."

    Oh you guys.. ;)

    • Paul Ducklin · 679 days ago

      You are allowed to laugh...

      ...but it would work!

      • imanerd11 · 669 days ago

        but blocking any connection port with an 8 in it, would make visiting any website, not just happyhour, literally impossible, unless it should use its own custom-set port, but most webservers use 80 or 443.

  2. James Paulson · 686 days ago

    Scary to think that people have developed a virus for a VERY specific time. Looks like this would hit when everyone is in their cars, going home for the weekend.

  3. Heatshiver · 683 days ago

    I love the newsletter, but to say "Macs don't get viruses and thus cannot actually crash at all" is a very untrue statement. It's even odder to see the author's credentials and see this statement...

    It was a rarity for a Mac user to get a virus, but not impossible. It was rare for the fact that the Windows platform dominates the world, so why would virus creators focus on a platform where it won't get any attention?

    What's weirder is that a June 14, 2012 article entitled, "Macs and malware - See how Apple has changed its marketing message" even confirms this. An article from this site...

    Beyond that, I have crashed a Mac. As long as you don't just use it for writing, you can find ways to crash a Mac under heavy workloads (and I'm sure other methods).

    Aside from that, very informative.

    • The entire article is a satire, please see the final PPS for Paul's real views on Mac Malware.

      • Paul Ducklin · 679 days ago

        In fact, the text "cannot actually crash" is a link to an article (ironically by me :-) about crashing Macs. Application crashes, not kernel crashes, but still...

  4. MikeP_UK · 683 days ago

    Is my diary right? It's not 1st April by any chance? Is the BORING organisation really that dull?
    BTW, we've moved from Windows XP to Windows 7 as Windows 8 doesn't do it for us and our tests showed it reduced productivity by over 15%! So not all corporates have gone to W8 yet and I suspect we'll see a reluctant slide from XP to W7 rather than to W8.

  5. SumGuy954 · 683 days ago

    "With nearly 102.6% of IT administrators already having moved their entire business away from Windows XP"

    102.6% would be more than all of the IT administrators. Can we have a real number?

    • Anonymous · 682 days ago

      102.6 is a real number.

      • Paul Ducklin · 679 days ago

        Actually, the number I used was 102.6% (which is just a snooty way of writing 1.026). It's not only real, it's rational!

        The reason it's more than 100% is that some admins loved Vista so much that they deliberately went back to XP so they could upgrade all over again. Thus they appear twice in the stats.

        (See the PS above.)

  6. "The road to Hell is paved with good intentions." ...See, "The Morris Worm or Internet Worm".

  7. Navitas · 681 days ago

    Easy enough. Just add "happyhourvirus.com" and its IP into the router's restricted sites. Problem solved!

    • Paul Ducklin · 679 days ago

      Or redirect access from happyhourvirus to a Rickroll picture, with the caption, "Never going to give up trying to shirk?"


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog