WordMacro/Atom was found in February 1996. It's operating mechanism
is quite similar to WordMacro/Concept, with the following
o All the macros in this virus are encrypted (Word's
o The virus replicates during file openings as well, in
addition to saving files
o The virus has two destructive payloads
First activation happens when the date is December 13th. At this
date the virus attempts to delete all files in the current
Second activation happens when a File/Save As command is issued and
the seconds of the clock are equal to 13. If so, the virus will
password-protect the document, making it unaccesible to the user in
the future. The password is set to be ATOM#1.
It is not easy to give a search string for this virus: some of the
replicants are usually in files password-protected by the virus, and
thus contain no constant user-definable search string.
Disabling automacros will make Atom unable to execute and spread.
Turning on the Prompt to save NORMAL.DOT setting will make Atom
unable to infect NORMAL.DOT, but it will still be able to infect
documents that are opened or saved during the same Word session.
WordMacro/Atom is not known to be in the wild.
Do note that some versions of PC-Cillin have had false alarms
of 'WORD.ATOM' virus on some Java tutorial files.