Kaspersky Threats — Illiteral

Class

Platform

Description

Technical Details

This is an encrypted Word macro virus. It contains three macros in
documents and four macros in NORMAL.DOT: AutoOpen, Nod(AutoClose),
Tiberium(FileTemplates, ToolsMacro).

The virus infects the global macros area (NORMAL.DOT) on opening an
infected document and writes itself to documents that are closed.

On Sundays as well as on entering the Tools/Macro menu the virus sets the
password for documents that depends on the current time. The virus then
displays the DialogBoxes:



Brotherhood of NOD

User error !!, replace User !!

Enter new user name here:

If User name not fill, your data will be delete !

Brotherhood of NOD

Okay

We need to restart Word First

Then the virus writes the text to the C:WINDOWSNOD.INI file:



/———————————————————-|Virus name: Brotherhood Of NOD                            |

|Origin    : Indonesia, Yogyakarta                         |

|Author    : Foxz NoMercy Members                          |

|URL     : http://www.geocities.com/ResearchTriangle/3996  |

———————————————————-/

Dear ,…

You was distrub this virus! please dont doit again

Password For  = 
I’m fair !!, I let you know the password for

Your document. Peace!! and Unity!!

–><--><--><--><--><--><--><--><--><--><--><--><--><--><--

Find out the statistics of the threats spreading in your region

Class	Virus
Platform	MSWord
Description	Technical Details This is an encrypted Word macro virus. It contains three macros in documents and four macros in NORMAL.DOT: AutoOpen, Nod(AutoClose), Tiberium(FileTemplates, ToolsMacro). The virus infects the global macros area (NORMAL.DOT) on opening an infected document and writes itself to documents that are closed. On Sundays as well as on entering the Tools/Macro menu the virus sets the password for documents that depends on the current time. The virus then displays the DialogBoxes: Brotherhood of NOD User error !!, replace User !! Enter new user name here: If User name not fill, your data will be delete ! Brotherhood of NOD Okay We need to restart Word First Then the virus writes the text to the C:WINDOWSNOD.INI file: /———————————————————-\|Virus name: Brotherhood Of NOD \| \|Origin : Indonesia, Yogyakarta \| \|Author : Foxz NoMercy Members \| \|URL : http://www.geocities.com/ResearchTriangle/3996 \| ———————————————————-/ Dear ,… You was distrub this virus! please dont doit again Password For = I’m fair !!, I let you know the password for Your document. Peace!! and Unity!! –><--><--><--><--><--><--><--><--><--><--><--><--><--><--
	Find out the statistics of the threats spreading in your region

Virus.MSWord.Illiteral

Technical Details