1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: W97M.Downloader Activity 30

System Infected: W97M.Downloader Activity 30

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature is to detect W97M.Downloader activity.

Additional Information

W97M.Downloader is a malicious macro that may arrive as a Word document attachment in spam emails.

The emails may have different subjects and body messages. For example:

Subject: Outstanding invoices - [RANDOM LETTERS]

Attachment: In[RANDOM LETTERS].doc

Message:

Kindly find attached our reminder and copy of the relevant invoices.

Looking forward to receive your prompt payment and thank you in advance.

Kind regards,

[NAME]


When the Word document is opened, the macro attempts to download and execute malware from a remote location.

Affected

  • Various Windows platforms
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube