VirusW97M/Surround.A
Analysis
- Virus consists of one macro module named "Surround"
- Virus hooks Word event handlers which prevents
the opening or closing of documents
- On December 29th, virus attempts to delete files
matching this wildcard-
"C:\WIN*\win.com"
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |