Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: LOW
Payload:
Detection files published: 27 Jun 2000 03:00:00
Description created: 28 Aug 2000 03:00:00
Description updated: 15 Nov 2001 04:57:00
Malware type: VIRUS
Alias:
Spreading mechanism: FILE_INFECTION
Summary: None

W97M/Marker.EJ

Spreading

W97M/Marker.EJ is a small virus. The first action taken by the virus is to disable the virus protection in Word. After that, the virus performs its payload. This is done every time a document or template is closed. Next, W97M/Marker.EJ checks whether the global template Normal.Dot is already infected, and whether the opened document is already infected. To prevent re-infection, the virus uses a constant marker at the start of the viral code. If the template or document does not contain the marker, it will be infected.

Payload Details

W97M/Marker.EJ contains two payloads.

Every time a document or template is closed, the virus checks the date. If the month is July and the day is the 23rd or later, the virus changes the caption in the title bar of the window from "Microsoft Word" to "Happy Birthday Shankar-25th July. The World may Forget but not me".

Furthermore, the following message box will be shown:


(Image not available)


If answered Yes, the virus will display


(Image not available)


If answered No, the virus will display

(Image not available)


However, the virus will not punish you.

Whenever you create a new document on the above-mentioned date, the virus will show the following message box:


(Image not available)

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15