Comment Re:Another aspect of this mystery (Score 1) 229
The assumption is that it allows detection of the installation of the virus via a web-browser.
As the virus seems to be only installed on certain machines with known paths, and those paths can be exposed through Microsoft Office document files, it is possible that whoever targeted this attack had received a MS Office document, that told them who to target. I would not be entirely surprised if the font was used to detect installation on the target PC through either the virus using it in a office document as a file - or possibly even through printed material generated by the target machine.