Affiliate Disclosure: By buying the products we recommend, you help keep the lights on at MakeUseOf. Read more.
Another day, another Microsoft Office vulnerability so big that cyber-criminals can drive a truck through it. This one is called uWarrior (the u standing for Utility), and it is a Trojan horse virus which connects your computer to a botnet of other infected computers. How does it try to get through your front door? By hiding itself in an infected Microsoft Office document.
The details of the malware are long and technical, but the short version is that Palo Alto Networks is calling the code “new and complex” and “weaponized”. That doesn’t sound good.
Despite Microsoft having issued a patch for this hole back in April, many people have not updated their version of Office, especially the Enterprise versions. So this means that the cyber-baddies are milking this weakness in peoples Microsoft Office suites for as long as it lasts. Kaspersky is reporting that uWarrior is emanating from an “unknown actor of Italian origin”. So Monica Bellucci is spamming people now? The virus seemingly has Italian language strings in it, strengthening suspicions that the virus is coming from that country.
So How Does This Trojan Present Itself?
As explained above, uWarrior is a “weaponized RTF document”. It is sent to you by email, and the hackers obviously hope that some people will blindly click on the file without thinking about it first. If you have done that sort of thing before, there’s no need to be embarrassed. I did it myself once. In my defense, I had just woken up and had one foot in CuckooLand. Thankfully, I was able to fix the problem quickly.
So you get the email and proceed to open it, and that is when uWarrior is installed. Once it gets into your system, it attaches itself to Windows Update and a file called SVC Host. Then it jumps onto your bootloader files. It takes over your computer to make it part of a much bigger botnet. If you want an analogy, think of all the Borg in Star Trek, plugged into the same “collective”. I can’t help but come up with a Star Trek analogy. I’m a total geek, what can I say?
It’s at this point that you have a problem.
So What Do I Do About It Then?
The first thing to say is this. Prevention is better than the cure. This means you should never, ever open an email file from someone you don’t know. It doesn’t matter if it claims to be your bank, your credit card company, your brokerage account, your PayPal account, your Ashley Madison account, whoever. If you don’t know them, do not open any attached files. Any legitimate financial institution or “dating” service will not send you files like that.
Plus, keep an eye out for the following file names :
- Anti-Money Laundering & Suspicious cases.doc
- Information 2.doc
Start Scanning Your System
If you see any of those, delete the emails immediately, and run a virus and malware check to be absolutely safe. If you don’t have any anti-virus and malware software installed on your computer, change this situation immediately. If you need an anti-virus recommendation, I highly suggest AVG’s free virus scanner. It has never let me down once.
But if for some reason you don’t want to install AVG, there are of course many other options out there to choose from. We checked out 10 possibles here, but Matt explains why you should not settle for Microsoft Security Essentials. Joel has also recommended some one-time scan anti-virus tools (because he’s a nice guy like that).
If you find malware on your computer, then don’t fret. We have you covered there too. Brian has given you the complete malware removal guide. If that doesn’t work, then Aaron has ten more tricks up his sleeve for you to try. And Tina has profiled three malware removal tools for you to use.
It’s Too Late! The Monster Is Loose!
But if it’s too late, if you have already clicked on the file and released the Kraken, then you need to act fast. While a total disinfection using a competent anti-virus suite should clean things up, some prefer the nuclear option.
Malware Disinfection: Nuclear Option
Disconnect your computer from the Internet to begin with. Then you have two choices: take it to a shop to get it fixed, or do it yourself. In my opinion, the safest method would be to totally wipe the hard drive and reinstall the operating system. If you don’t, you will always have that nagging doubt in the back of your mind – “did I catch it all? Is it really gone?”
This is also a good advertisement for the importance of keeping regular backups of your computer files. If something like this does suddenly happen, and you need to quickly wipe your drive, you need to have copies of your files onhand someplace else. Backing up daily to a removable hard drive is the recommended solution to this one.
Have you come across this virus? If so, tell us in the comments below. How did it affect your computer?