WM.BigDaddy

Printer Friendly Page

Updated: February 13, 2007 11:46:04 AM


WM.BigDaddy is a macro virus that is believed to have originated in Germany or Austria.

WM.BigDaddy consists of two macros:

  • Gangsterz
  • Paradise

Antivirus Protection Dates

  • Initial Rapid Release version December 20, 2000
  • Latest Rapid Release version December 20, 2000
  • Initial Daily Certified version December 20, 2000
  • Latest Daily Certified version December 20, 2000

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Updated: February 13, 2007 11:46:04 AM


The Gangsterz macro infects the current directory and drops a batch file, called XOP.BAT, that copies itself over all batch files in the current directory. This happens every time the macro is run.

The Paradise macro infects every time it is run, and also inserts the text into the current document if it is executed on January 15th:


    Big_Daddy_Cool Virus generated by NJ

Both macros reconfigure the keyboard so the Gangsterz macro is run whenever the spacebar is pressed, and the Paradise macro is run whenever “e” is entered. Since both macros are capable of reproducing the WM.BigDaddy virus, the global template and other open documents are infected whenever the spacebar is pressed or "e" is entered in a window containing an infected document. Once the global template is infected, the virus spreads whenever the spacebar is pressed or "e" is entered.