VIRUS ALERT! "Killer Resume" macro virus hitting corporate e-mail!

Question

VIRUS ALERT! A Word Macro Virus named "Killer Resume" is making the rounds....

Answer

This question was answered on May 27, 2000. Much of the information contained herein may have changed since posting.

A new Word Macro virus strain which is a variant of the W97M/Melissa virus with a very dangerous payload has been discovered Even though this virus is aimed at Outlook users, a part of the destruction can hit anyone that uses Microsoft Word It will most likely be sent from a friend that uses Outlook email with the following format:

----------begin email--------

Subject: Resume - Janet Simons

To: Director of Sales/Marketing,

Attached is my resume with a list of references

contained within.

Please feel free to call or email me if you have any further questions regarding my experience I am looking forward to hearing from you.

Sincerely,

Janet Simons.

«Explorer.doc»

----------end of email--------

If the file EXPLORER.DOC is opened by a user of the Outlook e-mail system, it will forward an email to all entries in all available address books.

To make things worse, this trojan will wait for the user to close the document before continuing with a more damaging payload.

On closing the document, this trojan will perform the following actions against the victim:

* try to copy itself as

"C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc"

* try to copy itself as "C:\Data\Normal.dot"

* try to delete all files in the following directories and drives in this order, making the system unusable if this occurs:

"C:\*.*"

"C:\My Documents\*.*"

"C:\WINDOWS\*.*"

"C:\WINDOWS\SYSTEM\*.*"

"C:\WINNT\*.*"

"C:\WINNT\SYSTEM32\*.*"

"A:\*.*" [may cause an error message]

"B:\*.*" [may cause an error message]

and *.* in the root of drives D: thru Z:

At the beginning of the virus code, the following comments exist but are never displayed:

'-----------------------------------------------------'

'Better You Than Me Buddy...

'.. Hope You Like My vIrUs

' :)

' :(

'-----------------------------------------------------'

DO NOT OPEN THE ATTACHMENT If the document received by email is opened, deletion of files may occur, as described above

Check with your anti-virus companies website to see if they have posted an update for this new strain.

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on May 27, 2000