This is a Word 97 macro virus (W97M/ColdApe), which also drops VBS script files. When the payload script (VBS/ColdApe) runs, it performs 2 actions; · Obtains the victim's IP address and then sends it to the virus author via Email. This renders the victim open to Internet attacks such as WinNuke, SSPING, etc. · Sends a rude message via Email to the editor of an Anti-Virus magazine.
The payload script file (VBS/ColdApe) does not replicate, however the W97M/ColdApe virus also drops VBS/Happy onto the users system and this does replicate.
