Class Trojan
Platform MSWord

Technical Details

This Trojan uses remote template vulnerability of MS Word 97. The URL is
sent to some IRC channels that contain a HTML file that automatically loads and
opens an MS Word document that contains reference to another MS Word template-containing Trojan macro. MS Word opens this template without any warnings.

This Trojan macro steals information from the system registry. It extracts
the registered name and company of a Windows user, information about AOL users
registered on this computer, and also account information of the Internet
Account Manager. The collected information the Trojan sends to a site on the

Find out the statistics of the threats spreading in your region