Threat Encyclopedia
XF97/Wisab.A
Analysis
- Virus hooks Excel event handler of opening or closing
infected documents in order to run its code
- Virus was coded using Excel4 macros and contains
the following macro routines, identified in infected
workbooks via the menu Insert/Names/Define -
Auto_Close
Auto_Open
Bust
Continue
Documents_array
Hello
MakeIt
Morning
TaxTV
TaxXL
Test5
-
Each macro routine references a cell where its code is inserted as hidden content, and is not visible under normal circumstances or by using the Visual Basic Editor environment