virus logo Virus

XF97/Wisab.A

description-logoAnalysis

  • Virus hooks Excel event handler of opening or closing infected documents in order to run its code
  • Virus was coded using Excel4 macros and contains the following macro routines, identified in infected workbooks via the menu Insert/Names/Define -

    Auto_Close
    Auto_Open
    Bust
    Continue
    Documents_array
    Hello
    MakeIt
    Morning
    TaxTV
    TaxXL
    Test5

  • Each macro routine references a cell where its code is inserted as hidden content, and is not visible under normal circumstances or by using the Visual Basic Editor environment

Telemetry logoTelemetry

ID 324672
Released Nov 14, 2003
Description
Updated		 Nov 17, 2003
Aliases Formula97Macro/Sic.L, Macro.Excel97.Wisab, XF/Sic.gen, XF/Sic.L, XF97/Wisab-A, XM.VNN
Platform Profile Microsoft Excel formula