Word Malicious Document

The infected file is distributed via email. Having opened the document, the victim unsuspectingly launches a dropper, which, in turn, downloads a multi-component malicious application. The virus covertly collects the credentials of victims with MS Outlook and Internet Account Manager, steals passwords stored in the Firefox browser, as well as other information that identifies the user.

The text in the Word document contains background information about the Security Forum of the Association of Southeast Asian Nations (ASEAN) and is written in Russian.


The virus sends all the stolen information to one of the legitimate Korean websites in unencrypted form. The employees of the Peoples' Friendship University and the ITAR-TASS news agency have already become victims of the malicious application.
More information on the virus research report can be found at classmates hack

According to recent reports, many antiviruses on the Virus Total list already detect a malicious dropper like Win32.Daws.