W97M/ColdApe

this page last updated 12-08-98

W97M/ColdApe

This is a Word 97 macro virus (W97M/ColdApe), which also drops VBS script files. When the payload script (VBS/ColdApe) runs, it performs 2 actions; Obtains the victim's IP address and then sends it to the virus author via Email. This renders the victim open to Internet attacks such as WinNuke, SSPING, etc. Sends a rude message via Email to the editor of an Anti-Virus magazine.

The payload script file (VBS/ColdApe) does not replicate, however the W97M/ColdApe virus also drops VBS/Happy onto the users system and this does replicate.