W97M/Opey.A
Analysis
- Virus consists of one macro module named "A_OPEY_03"
- Virus hooks Word event handlers, which prevents
the opening, saving, creating, printing and closing
of infected documents, or exiting Word
- On certain holidays, virus appends "echo"
statements to AUTOEXEC.BAT

December 25 or January 01
"@echo off"
"echo MERRY CHRISTMASS AND A HAPPY NEW YEAR !!!"

November 01
"@echo off"
"echo HAPPY HALLOWEEN !!!"

February 14
"@echo off"
"echo HAPPY VALENTINES DAY !!!"

Additionally, these two lines are appended:
"echo from: OPEY A."
"pause"
Detection Availability
- FortiClient: Extreme
- FortiMail: Extreme
- FortiSandbox: Extreme
- FortiWeb: Extreme
- Web Application Firewall: Extreme
- FortiIsolator: Extreme
- FortiDeceptor: Extreme
- FortiEDR