WM/Copycap.A

description-logoAnalysis

  • Viral consists of 11 macros and is infectious in the Word6/7 environment
  • Virus hooks the Word event handler which prevents the opening, saving or closing of infected documents
  • Virus name is derived from a similarity found between this family and another, named WM/Cap
  • Virus contains these comments in the main macro module named "CAP" -

    'C.P.A.V: Comp5t4r Po1nt 4nti Viru5.. Bye..Bye..
    '"4L13n'5" (eN4nk1Y@http://WWW.Comp5t4r.com/ed.id.).
    'Chiepoe that, 14iN, Dic 2000.
    'P.D. Aug igal ngisup nad StreSS!!! Alig ul .. taub Suriv Orcam ..!

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR