July’s Patch Tuesday came last week, but a new Trojan detected as TROJ_DLOADER.OWO comes on its tail posing as a reminder for users to update their word processor on Windows systems.
Using one of the oldest tricks in the book, it displays a fake error message box with the following message upon execution:
Please update your version of Microsoft Word!
Its download routine is only triggered once unknowing users click on the OK button in the said box, as if it needs a user’s green light before it can proceed to infect systems. This is probably what sets it apart from other downloaders, which perform their routines immediately upon arrival. It also terminates certain security-related processes and uses the Microsoft Word icon to trick users into thinking that it is a legitimate file.
So, a word to the wise: Try not to fall for “polite” but fake messages that know just when and how to say “please,” even if it asks for your consent. Best of all, get your updates and/or patches straight from the legitimate vendors of your installed applications and beware of ever-evolving social engineering techniques.