Class
VirTool
Platform
MSWord

Parent class: Malware

Malicious tools are malicious programs designed to automatically create viruses, worms, or Trojans, conduct DoS attacks on remote servers, hack other computers, etc. Unlike viruses, worms, and Trojans, malware in this subclass does not present a direct threat to the computer it runs on, and the program’s malicious payload is only delivered on the direct order of the user.

Read more

Class: VirTool

VirTool programs can be used to modify other malicious programs so that they cannot be detected by antivirus software.

Read more

Platform: MSWord

Microsoft Word (MS Word) is a popular word processor and part of Microsoft Office. Microsoft Word files have a .doc or .docx extension.

Description

Technical Details

This is a utility to insert executable binary files to Word macros. This utility itself is a template with only one AutoOpen macro inside. When run, this macro creates the new document WWVIRUS.DOC in the newly created C:VIRUDEMO directory, creates the VirExeData in this document, gets a EXE file, converts it to text data by using a filter, then puts this data into VirExeData macro. Then this document is able to convert the text data back to EXE file and execute it. As a result, the new document is an EXE file dropper.

The tool comments each operation with MessageBoxes. The first MessageBox contains the following text:

This installation will make 4 items
1)A directory C:VIRUDEMO
2)Macro VIRAUTOOPEN in the Global template
3)Macro VIREXEDATA  in the Global template
4)An initial virus document WWVIRUS.DOC
Whenever asked you must SAVE them.

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.