Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- August 8, 1998
- Updated:
- February 13, 2007 11:35:25 AM
- Also Known As:
- Class.Poppy, W97M.Class
- Type:
- Macro
One of the first of the W97M families of virus that works well under Microsoft Word 97, SR1, this polymorphic W97M macro virus does not add a new VBA5 module. Instead, it adds its viral code to the "ThisDocument" VBA5 module, which by default is always in Word 97 documents and templates. It also uses various stealth techniques, such as a do-nothing ToolsMacro.
Most variants have a payload that displays messages on certain dates of the year. The "D" variant modifies the Windows registry, replacing the registered owner with the name of the virus writer.
Antivirus Protection Dates
- Initial Rapid Release version August 8, 1998
- Latest Rapid Release version July 20, 2009 revision 052
- Initial Daily Certified version August 8, 1998
- Latest Daily Certified version July 20, 2009 revision 065
- Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Low
Distribution
- Distribution Level: Low
