Class | Virus |
Platform | MSWord |
Description |
Technical Details
After infecting a document or installing into the system the virus takes a random selected word from document and moves it to random selected position. The virus repeats that up to three times depending on the random counter. Then it also depending on the random counter inserts the string “wazzu ” at random selected position within document.
The virus modifies the document with the probabilities (p): replacing words – three times with p=1/5, inserting “wazzu” – p=1/4. Wazzu-related virusesThe original “Wazzu” (“Wazzu.a”) virus is one of the most widespread viruses on the world. The possible reason is that this virus was placed on the Microsoft WWW site, infected documents also were (are) distributed on several CD disks. As a result there are several dozens of related viruses, and the number of such related viruses is increasing every month. Below short descriptions are given, to name viruses CARO standard names are used (AVP does detect and disinfect majority of these viruses as “Wazzu.a”).
“Wazzu.c,t,ac” do not manifest themselves in any way – they have no Payload subroutine (RndWord subroutine presents in virus, but is never called).
“Wazzu.k” is corrupted “Wazzu.a”.
“Wazzu.y,z” are the same as “Wazzu.a”, but code of these virus is slightly modified, for example all TAB (09h) symbols are replaced with 8 spaces in “Wazzu.y”. |
Find out the statistics of the threats spreading in your region |