W2KM_GEN.F299E00B817

This is the Trend Micro generic detection for documents that contain macro scripts exhibiting suspicious behavior that may cause harm to systems. It is a general malware classification for malicious documents commonly downloaded as email attachments. However, it is uncommon for a macro script to contain a Trojan.

Historically, people used Trojans to either further their research or gain notoriety. Now, cybercriminals use Trojans to gain profit by stealing user data like banking credentials and personal identifiable information (PII). They can sell this information in the cybercriminal underground or use it to launch other attacks such as phishing.

Some Trojans, coupled with social engineering techniques, are also capable of tricking users to do other activities. FAKEAV, for example, is a notorious malware family that displays phony alerts and scanning results to scare users into buying fake antivirus software.

Trojans like RANSOMWARE can lock up files and systems, supposedly holding them captive. Users are not able to access their systems or files unless they pay ransom.

To further compromise a system’s security, these Trojans also download or drop other malware, and access URLs to send and receive commands from a remote attacker. Remote attackers can control systems and make them perform malicious actions without user knowledge. Such actions include sending spam with malicious links or attachments, or launching denial-of-service (DOS) attacks against any entity or organization.

If your Trend Micro product detects a file under this detection name, do not execute it. Delete it immediately, especially if it comes from an untrusted or an unknown source (e.g., a website of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you may submit it to us. Sample files for submission must be in .ZIP format and should be password-protected. To submit a .ZIP file, you must use file compression software like Winzip. A trial version is available here.

To compress a file, please follow the steps below:

1. Right-click on the file and select Add to Zip.

2. Create a file name for the .ZIP file.

3. On the Options menu, choose Encrpyt. In the input box, type “virus”. This will serve as the password for the .ZIP file.

4. Send the sample through the following channels:
   

• For Trend Micro Premium customers, please submit a virus support case by clicking here.

• For Trend Micro non-Premium customers, please contact your local support network by visiting your Trend Micro regional website.

• For non-Trend Micro customers, scan your system with HouseCall, our highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plug-ins, and other malware.

This Trojan arrives as attachment to mass-mailed email messages.

Arrival Details

This Trojan arrives as attachment to mass-mailed email messages.

Other Details

This is the Trend Micro detection for Microsoft Word documents that are compromised through the insertion of a malicious macro.