| Port No | 2702 |
| Service Name | BLACK |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This non-desctructive macro virus infects workbooks opened in Microsoft Excel 95. Every 13th of the month, the virus displays any of the following text strings: Black Friday in Nov 1998 The Blood Sucker Army have killed our people & our students in Semanggi Clash [XF.Semanggi] brought to you by CrazH of NoMercyVirus Team Oct '98 |
| Reference Link | BLACK |
| Attack | Details:: The virus activates when a workbook is opened or closed in Microsoft Excel 95. The virus drops a copy of itself in the exact path:C:\MSOFFICE\OFFICE 95\EXCEL\XLSTART\xl5glry.xls to enable itself to run whenever Excel 95 is executed. The virus checks if the current workbook has a module named BlackFriday. If it doesn't, the virus creates the module BlackFriday and copies itself to it. Then, the virus hides the module so it cannot be viewed when the infected file is opened. Every 13th of the month, the virus displays any of the following text strings: Black Friday in Nov 1998 The Blood Sucker Army have killed our people & our students in Semanggi Clash [XF.Semanggi] brought to you by CrazH of NoMercyVirus Team Oct '98 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.