VERY IMPORTANT

Last week, the ASEC analysis team uploaded a post named “Malicious Word File Targeting Corporate Users Being Distributed” that contained information about a malicious Word file. Currently, documents of the same type are being distributed with text that impersonates AhnLab. The Word files confirmed this time download another Word file containing malicious VBA macro via the external URL and run it. Another difference is that the additionally downloaded Word file uses the Windows Media Player() function instead of AutoOpen() to automatically run the VBA macro. It appears the attackers adopted a measure to bypass anti-malware products that detect automatic execution of the AutoOpen() function-based macro.