Analysis by: Jennifer Gumban

ALIASES:

NA

PLATFORM:

Windows

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This is the Trend Micro generic detection for documents that contain macro scripts exhibiting suspicious behavior that may cause harm to systems. It is a general malware classification for malicious documents commonly downloaded as email attachments. However, it is uncommon for a macro script to contain a Trojan.

Historically, people used Trojans to either further their research or gain notoriety. Now, cybercriminals use Trojans to gain profit by stealing user data such as banking credentials and personally identifiable information (PII). They can sell this information in the cybercriminal underground or use it to launch other attacks such as phishing.

Some Trojans, coupled with social engineering techniques, are also capable of tricking users into performing other actions. FAKEAV, for example, is a notorious malware family that displays phony alerts and scanning results to scare users into buying fake antivirus software.

Trojans like RANSOMWARE can lock up files and systems, holding them hostage. Users are not able to access their systems or files unless they pay a ransom.

To further compromise a system’s security, these Trojans also download or drop other malware, and access URLs to send and receive commands from a remote attacker. Remote attackers can control systems and make them perform malicious actions without the user's knowledge. Such actions include sending spam with malicious links or attachments, or launching denial-of-service (DoS) attacks against any entity or organization.

If your Trend Micro product detects a file under this detection name, do not execute it. Delete it immediately, especially if it comes from an untrusted or unknown source (e.g., a website of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you may submit it to us. Sample files for submission must be in .ZIP format and should be password-protected. To submit a .ZIP file, you must use file compression software like WinZip. A trial version is available here.

To compress a file, please follow the steps below:

  1. Right-click on the file and select Add to Zip.

  2. Create a file name for the .ZIP file.

  3. On the Options menu, choose Encrypt. In the input box, type “virus”. This will serve as the password for the .ZIP file.

  4. Send the sample through the following channels:

  • For Trend Micro Premium customers, please submit a virus support case by clicking here.

  • For Trend Micro non-Premium customers, please contact your local support network by visiting your Trend Micro regional website.

  • For non-Trend Micro customers, scan your system with HouseCall, our highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plug-ins, and other malware.

This Trojan arrives as an attachment to mass-mailed email messages.

  TECHNICAL DETAILS

File Size: Varies
File Type: DOC

Arrival Details

This Trojan arrives as an attachment to mass-mailed email messages.

Other Details

This is the Trend Micro detection for Microsoft Word documents that are compromised through the insertion of a malicious macro.
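As an added defender-side illustration (not part of the Trend Micro description and not Trend Micro code), the following Python script checks whether a Word file carries a VBA project, which is the feature this detection keys on. It relies only on the two container formats Word uses: legacy .doc files are OLE compound files whose 128-byte directory entries store stream names as UTF-16LE, and .docm/.docx files are ZIP archives in which macros live in word/vbaProject.bin. The function names and the in-line sample files are constructed for this example; the samples are inert byte blobs, not real malware.

```python
"""Macro-document triage: does a Word file carry a VBA project?

Added example, not Trend Micro code.  Two checks a defender can run on an
emailed attachment before anyone opens it:

  1. Legacy .doc files are OLE compound files.  Each storage/stream has a
     128-byte directory entry: UTF-16LE name at offset 0, name length in
     bytes (incl. NUL) as a uint16 at offset 64.  A VBA project always
     creates a stream named "_VBA_PROJECT"; the macro source is compressed
     but the directory entry name is not, so it is visible in raw bytes.
  2. .docm/.docx files are ZIP archives; macros live in word/vbaProject.bin.

Function names and the sample files built below are constructed for this
example (inert blobs, not real malware).
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
DIR_ENTRY_SIZE = 128
VBA_STREAM = "_VBA_PROJECT"


def has_vba_project_ole(data: bytes) -> bool:
    """True if an OLE file contains a directory entry named _VBA_PROJECT.

    A plain substring search could also fire on UTF-16 body text, so each
    hit must sit on a 128-byte boundary (directory entries always do: the
    512-byte header and every sector are multiples of 128) and carry the
    matching name-length field.
    """
    if not data.startswith(OLE_MAGIC):
        return False
    name = VBA_STREAM.encode("utf-16-le")
    expected_len = (len(VBA_STREAM) + 1) * 2  # name bytes plus UTF-16 NUL
    pos = data.find(name)
    while pos >= 0:
        if pos % DIR_ENTRY_SIZE == 0 and len(data) >= pos + 66:
            stored_len = int.from_bytes(data[pos + 64:pos + 66], "little")
            if stored_len == expected_len:
                return True
        pos = data.find(name, pos + 1)
    return False


def has_vba_project_ooxml(data: bytes) -> bool:
    """True if a ZIP-based Word file contains a vbaProject.bin part."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify(data: bytes) -> str:
    """Label the container type and whether a VBA project is present."""
    if data.startswith(OLE_MAGIC):
        return "ole-with-vba" if has_vba_project_ole(data) else "ole-no-vba"
    if data.startswith(ZIP_MAGIC):
        return "ooxml-with-vba" if has_vba_project_ooxml(data) else "ooxml-no-vba"
    return "not-a-word-container"


# --- constructed sample inputs so the example runs offline ---

def build_fake_ole(with_vba: bool) -> bytes:
    """OLE-shaped blob: 512-byte header then directory entries (not loadable)."""
    header = OLE_MAGIC.ljust(512, b"\x00")

    def entry(name: str) -> bytes:
        raw = name.encode("utf-16-le") + b"\x00\x00"
        return raw.ljust(64, b"\x00") + len(raw).to_bytes(2, "little") + b"\x00" * 62

    names = ["Root Entry", "WordDocument"]
    if with_vba:
        names += ["Macros", "VBA", VBA_STREAM]
    return header + b"".join(entry(n) for n in names)


def build_fake_ooxml(with_vba: bool) -> bytes:
    """Minimal ZIP containing the parts the check looks at."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "legacy .doc with macros": build_fake_ole(True),
        "legacy .doc without macros": build_fake_ole(False),
        ".docm with macros": build_fake_ooxml(True),
        ".docx without macros": build_fake_ooxml(False),
        "not a Word file": b"just some text",
    }
    for label, blob in samples.items():
        print(f"{label:28s} -> {classify(blob)}")
```

The presence of a VBA project is one signal, not a verdict: legitimate documents carry macros too, and a macro-free document can still be hazardous through other features. In a mail gateway or triage queue this check sorts attachments for deeper analysis (or for an antivirus scan such as the one the page recommends) rather than deciding on its own.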

  SOLUTION

Minimum Scan Engine: 9.850

Step 1

Trend customers:

    Keep your pattern and scan engine files updated. Trend Micro antivirus software can clean or remove most types of computer threats. Malware such as Trojans, scripts, overwriting viruses, and joke programs that are identified as uncleanable, though, should simply be deleted.

All Internet users:

    1. Use HouseCall, the Trend Micro online threat scanner, to check for malware that may already be on your PC.
    2. Catch malware/grayware before they affect your PC or network. Secure your Web world with Trend Micro products that offer the best anti-threat and content security solutions for home users, corporate users, and ISPs. Go here for more information on Trend Micro products that fit your needs.

Step 2

Scan your computer with your Trend Micro product to delete files detected as W2KM_GEN.F299E00B817. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
