1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: W97M.Downloader Activity 36

System Infected: W97M.Downloader Activity 36

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature is to detect W97M.Downloader activity.

Additional Information

W97M.Downloader is a malicious macro that may arrive as a Word document attachment in spam emails.

The emails may have different subjects and body messages. For example:

Subject: Outstanding invoices - [RANDOM LETTERS]

Attachment: In[RANDOM LETTERS].doc


Kindly find attached our reminder and copy of the relevant invoices.

Looking forward to receive your prompt payment and thank you in advance.

Kind regards,


When the Word document is opened, the macro attempts to download and execute malware from a remote location.


  • Various Windows platforms
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube