A new macro trojan dropper has been spammed in various e-mails. The trojan arrives inside zip archives that contain an MS Word document named my_Notebook.doc.

The macro trojan activates during the opening of the document. It extracts a binary file from its code and runs it. The file is saved as C:\666inse_1.exe and is a trojan downloader.

Both the Word document and the binary executable are detected with FSAV update version 2006-06-27_07 as W97M/Kukudro.A and Small.dcu respectively.