1 March 2014

SRA virus - technical information

This relates to the SRA virus posting on this blog.

The virus is not a conventional attachment; it is delivered thus:
  1. The Word document (sra.dcom) contains long strings of hidden text which are obviously program code.
  2. When the document is opened (security levels permitting) it runs a macro (think of it as a little App) which is also hidden within the document.
  3. The macro reads through the document and uses this to construct a program which is written to the hard drive of the computer.
  4. This newly created program (the virus or trojan) is then executed.
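
A defender can triage for the combination described in steps 1 and 2 (a macro plus long hidden text) without opening the file in Word. The following is an added example, not code from the original post; it assumes the document is an OOXML (zip-based) Word file, and the 200-character threshold and the `build_sample` helper are hypothetical choices made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
HIDDEN_THRESHOLD = 200  # assumed cut-off for "long" hidden text, in characters


def hidden_text_length(document_xml: bytes) -> int:
    """Total characters in runs marked hidden (<w:vanish/>) in document.xml."""
    total = 0
    for run in ET.fromstring(document_xml).iter(W + "r"):
        props = run.find(W + "rPr")
        vanish = props.find(W + "vanish") if props is not None else None
        # <w:vanish w:val="0"/> (or "false") explicitly switches hiding off
        if vanish is None or vanish.get(W + "val") in ("0", "false"):
            continue
        total += sum(len(t.text or "") for t in run.iter(W + "t"))
    return total


def triage(data: bytes) -> dict:
    """Flag a document that carries both a VBA project and long hidden text."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        has_macro = any(n.lower().endswith("vbaproject.bin") for n in names)
        hidden = hidden_text_length(z.read("word/document.xml"))
    return {"has_macro": has_macro, "hidden_chars": hidden,
            "suspicious": has_macro and hidden >= HIDDEN_THRESHOLD}


def build_sample(hidden_chars: int, with_macro: bool) -> bytes:
    """Constructed test input: a minimal package, not a real sample."""
    body = ('<w:document xmlns:w="%s"><w:body><w:p>'
            '<w:r><w:t>Invoice attached</w:t></w:r>'
            '<w:r><w:rPr><w:vanish/></w:rPr><w:t>%s</w:t></w:r>'
            '</w:p></w:body></w:document>') % (W.strip("{}"), "0" * hidden_chars)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage(build_sample(4000, True)))   # macro + long hidden text
    print(triage(build_sample(0, False)))     # ordinary document
```

This check only sees hiding applied directly to a run; hidden formatting inherited from a style, and legacy binary .doc files, need a different parser.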

