Kaspersky Threats — Illiteral

Class

Platform

Description

Technical Details

This is an encrypted Word macro virus. It contains three macros in
documents and four macros in NORMAL.DOT: AutoOpen, Nod(AutoClose),
Tiberium(FileTemplates, ToolsMacro).

The virus infects the global macros area (NORMAL.DOT) on opening an
infected document and writes itself to documents that are closed.

On Sundays as well as on entering the Tools/Macro menu the virus sets the
password for documents that depends on the current time. The virus then
displays the DialogBoxes:



Brotherhood of NOD

User error !!, replace User !!

Enter new user name here:

If User name not fill, your data will be delete !

Brotherhood of NOD

Okay

We need to restart Word First

Then the virus writes the text to the C:WINDOWSNOD.INI file:



/———————————————————-|Virus name: Brotherhood Of NOD                            |

|Origin    : Indonesia, Yogyakarta                         |

|Author    : Foxz NoMercy Members                          |

|URL     : http://www.geocities.com/ResearchTriangle/3996  |

———————————————————-/

Dear ,…

You was distrub this virus! please dont doit again

Password For  = 
I’m fair !!, I let you know the password for

Your document. Peace!! and Unity!!

–><--><--><--><--><--><--><--><--><--><--><--><--><--><--

Class	Virus
Platform	MSWord
Description	Technical Details This is an encrypted Word macro virus. It contains three macros in documents and four macros in NORMAL.DOT: AutoOpen, Nod(AutoClose), Tiberium(FileTemplates, ToolsMacro). The virus infects the global macros area (NORMAL.DOT) on opening an infected document and writes itself to documents that are closed. On Sundays as well as on entering the Tools/Macro menu the virus sets the password for documents that depends on the current time. The virus then displays the DialogBoxes: Brotherhood of NOD User error !!, replace User !! Enter new user name here: If User name not fill, your data will be delete ! Brotherhood of NOD Okay We need to restart Word First Then the virus writes the text to the C:WINDOWSNOD.INI file: /———————————————————-\|Virus name: Brotherhood Of NOD \| \|Origin : Indonesia, Yogyakarta \| \|Author : Foxz NoMercy Members \| \|URL : http://www.geocities.com/ResearchTriangle/3996 \| ———————————————————-/ Dear ,… You was distrub this virus! please dont doit again Password For = I’m fair !!, I let you know the password for Your document. Peace!! and Unity!! –><--><--><--><--><--><--><--><--><--><--><--><--><--><--

Virus.MSWord.Illiteral

Technical Details