SecurityHome.eu W97M.Ethan.AK

Home / malware PDF

W97M.Ethan.AK

First posted on 21 November 2011.
Source: BitDefender
Aliases :
W97M.Ethan.AK is also known as W97M.Ded.K, W97M.Ded.R.
Explanation :
The virus copies itself in a temporary file, named "evolve.tmp", in the root directory (usually "C:" ).

At opening, if the virus is a macro in a ".doc" file, it infects normal.dot.
If the virus is a macro in normal template ("normal.dot"), it infects documents when they are opened.

It verifies the file macros, and it doesn't infect a macro that begins with "Private Sub Open" and ends with "End sub". So, it doesn't infect the same macro twice.

The virus doesn't have any destructive payload, it only spreads itself through Microsoft Word Application.
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20