Fortiguard

XF97/Wisab.A

Analysis

Virus hooks Excel event handler of opening or closing infected documents in order to run its code
Virus was coded using Excel4 macros and contains the following macro routines, identified in infected workbooks via the menu Insert/Names/Define -
Auto_Close
Auto_Open
Bust
Continue
Documents_array
Hello
MakeIt
Morning
TaxTV
TaxXL
Test5
Each macro routine references a cell where its code is inserted as hidden content, and is not visible under normal circumstances or by using the Visual Basic Editor environment

ID	324672
Released	Nov 14, 2003
Description Updated	Nov 17, 2003

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer

FortiTester

Threat Profile

Threat Encyclopedia

XF97/Wisab.A

Analysis

Telemetry

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer

FortiTester

Threat Intelligence Center

Resource Center

About

About FortiGuard Labs

Partners

Threat Profile

Threat Encyclopedia

XF97/Wisab.A

Analysis

Telemetry

Threat Intelligence
Center