These downloaders change constantly, meaning that by the time a virus definition is written to stop one variant, a new one has already been released.
For more details on many of these attacks seen in the wild, see:
For more information on a comprehensive defense, please read the Connect article Support Perspective: W97M.Downloader Battle Plan.
If macros are not needed during normal business operations, consider blocking macros from the internet entirely using a Group Policy Object (GPO). This article from Microsoft contains details on how to enable a GPO that blocks internet-based macros. If the macro cannot execute, the end user cannot become infected, regardless of whether the original document was detected as malicious by antivirus solutions.
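The following PowerShell script is an added example, not part of the original article, for verifying on a single workstation that the "block macros from the Internet" policy described above is actually in effect, and optionally applying it locally for testing. It assumes Office 2016/2019/365 (policy version key 16.0) and the policy registry value name `blockcontentexecutionfrominternet` that the Group Policy setting writes under `HKCU:\Software\Policies\Microsoft\Office`; both are documented by Microsoft, but verify them against your Office build. In a domain, the GPO remains the right deployment mechanism; this script is for confirming the result on an endpoint.

```powershell
# Added example (not from the Symantec article): audit, and optionally apply,
# the Office "Block macros from running in Office files from the Internet"
# policy by reading the per-user policy registry values the GPO sets.
# Assumptions: Office version key "16.0"; value name
# blockcontentexecutionfrominternet (documented by Microsoft for this setting).
# Usage:  .\Check-InternetMacroBlock.ps1          # report only
#         .\Check-InternetMacroBlock.ps1 -Apply   # also set the value locally
param(
    [switch]$Apply   # without -Apply the script only reports
)

$OfficeVersion = '16.0'
$Apps          = 'Word', 'Excel', 'PowerPoint'
$ValueName     = 'blockcontentexecutionfrominternet'

# Returns one object per application with the current policy value and
# whether it is set to 1 (enforced). A missing key or value means the policy
# is not applied and internet-sourced macros fall back to the user's own
# Trust Center settings.
function Get-InternetMacroBlockStatus {
    foreach ($app in $Apps) {
        $path  = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }
        [pscustomobject]@{
            Application = $app
            PolicyPath  = $path
            Value       = $value
            Enforced    = ($value -eq 1)
        }
    }
}

# Writes the policy value for each application. Supports -WhatIf so the
# change can be previewed before it is made.
function Set-InternetMacroBlock {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($app in $Apps) {
        $path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if ($PSCmdlet.ShouldProcess($path, "Set $ValueName = 1 (DWORD)")) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $ValueName -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
}

$before = Get-InternetMacroBlockStatus
$before | Format-Table -AutoSize

if ($Apply) {
    Set-InternetMacroBlock
    Get-InternetMacroBlockStatus | Format-Table -AutoSize
}

# Flag applications where the block is not enforced so the gap is visible
# in a scheduled compliance run.
$notEnforced = @($before | Where-Object { -not $_.Enforced })
if ($notEnforced.Count -gt 0 -and -not $Apply) {
    Write-Warning ('Internet macro block not enforced for: ' + ($notEnforced.Application -join ', '))
}
```

The audit path only reads the registry and can run under a normal user account; the check is per user because the GPO setting is a user-configuration policy, so a workstation with several profiles should be checked in each user's context.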
Enable Advanced heuristics detection. This technology has been effective at blocking many of these Downloaders:
Make sure “Bypass scanning of container file(s)” is not checked, as this would defeat the purpose of the rule.
It is highly recommended to set this rule to “Quarantine” so that any legitimate documents caught by this rule can be released to the end user if necessary, but the malicious content contained in these file types is not allowed through to the end user.