W32.ZedMac.Kit


Aliases: Constructor.Win32.ZedMac.10, Kit-ZWMVC, Win32.HLLM.Generic.160, Troj/ZWM-Kit
Variants: Constructor:Win32/Zedmac.1_0, TROJ_MACDEZ.A, Kit/ZedMac.10, Win32:Trojan-gen., Trojan.Constructor.Zedmac.1.0

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 07 Apr 2003
Damage: Low

Characteristics: W32.ZedMac.Kit is a program that creates user-configurable macro viruses, which infect Microsoft Word documents. The Word documents generated by W32.ZedMac.Kit are detected under generic detection of a Macro Component. W32.ZedMac.Kit affects Windows operating systems such as Windows 98, Windows 2000, Windows Me, Windows XP and Windows NT.

More details about W32.ZedMac.Kit

The Trojan horse is a Win32 console application that creates user-configurable macro viruses, which infect Microsoft Word documents. The macro viruses that the Trojan creates may have properties such as “infection routine occurs on either the closing or the opening of Word documents”, “macro accessible menus can be disabled” and “virus can propagate using mIRC, Microsoft Outlook, Virc, and Pirch”. The payload of a virus that it creates could be triggered upon execution, on a particular day of the year, or at random. These payloads may display random colors, disable the shutdown menu, display the Word Assistant, display a message, open and close the CD-ROM drive, run random games, password-protect documents, delete documents, change the Windows user name, change the Microsoft Word user name, and disable the mouse.
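For triage of macro text already extracted from a suspect Word document, the properties listed above can be turned into a simple keyword check. The following is an added example, not code from the kit or from any vendor: the mapping from each described behaviour to a VBA identifier, the function names and the sample macro are all assumptions constructed for illustration.

```python
import re

# Assumed keyword map: the write-up names behaviours, not code. These VBA
# identifiers are this example's assumptions, not signatures from the page.
TRIGGERS = {
    "runs on document open": r"\b(AutoOpen|Document_Open)\b",
    "runs on document close": r"\b(AutoClose|Document_Close)\b",
}
BEHAVIOURS = {
    "disables menus": r"\bCommandBars\b.*\.Enabled\s*=\s*False",
    "touches Outlook": r"\bOutlook\.Application\b",
    "changes Word user name": r"\bApplication\.UserName\s*=",
    "sets a document password": r"\.Password\s*=",
    "deletes files": r"^\s*Kill\b",
}

def strip_comment(line):
    """Drop VBA comments (Rem lines, or ' outside a string literal)."""
    if re.match(r"\s*Rem\b", line, re.I):
        return ""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def triage(macro_source):
    """Return (verdict, labels) for already-extracted macro text."""
    code = "\n".join(strip_comment(l) for l in macro_source.splitlines())
    def hits(table):
        return sorted(k for k, rx in table.items()
                      if re.search(rx, code, re.I | re.M))
    triggers, behaviours = hits(TRIGGERS), hits(BEHAVIOURS)
    if triggers and behaviours:
        verdict = "suspicious"      # auto-run entry point plus a listed behaviour
    elif triggers:
        verdict = "auto-exec only"  # worth a manual look, common in benign templates
    else:
        verdict = "no auto-exec"
    return verdict, triggers + behaviours

# Constructed sample for the check above; not taken from any real document.
SAMPLE = '''Sub AutoClose()
    ' Outlook.Application appears only in this comment
    CommandBars("Tools").Controls("Macro").Enabled = False
    Application.UserName = "constructed"
End Sub
'''
```

Keywords inside comments are ignored, so the sample's mention of Outlook does not count as a hit; a keyword match is a reason to inspect the macro, not a detection on its own.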

The W32.ZedMac.Kit software can execute commands on the computer without the user’s consent. This can include launching or closing installed programs. Data files may also be moved, copied, or deleted. The user’s activities can be monitored and reported to a remote server. This application can also search for specific information in the system. Security software firms report the program may target the registration keys for online games. These are typically used to crack retail software. Commercially available programs can then be used for free with the stolen data.