W97M/Marker.O

Analysis

• Virus consists of one macro module within the class storage
  
• Virus hooks Word event handlers which prevents the closing of infected documents
  
• Polymorphic by inserting unique user information as comment lines at end of virus code
  
• Virus searches the macro storage of host files for the string
  ":-D you are marked!"
  which exists in the virus body, as a means to determine if the host file is already infected