A creatively abusive virus could contrive to wait until a word processor “saved,” or “closed” a document, and take that opportunity to substitute misspellings and grammatical errors.
Rather than employ a “mad-libs” type substitution of one verb for another, or nouns for nouns, such as a spam dodger might do, it could marginalize either a targeted user, or an entire polity, by changing grammar with mistakes common to Asian usage, or Russian, or Middle Eastern.
The purpose of awaiting the “close” instruction, would be to by-pass the final editorial inspection of the user, before ending his or her efforts, effectively portraying him or her as ignorant (as is common with first generation immigrants,), professionally lazy, or editorially slip-shod.
All “Open Source” software is vulnerable to this kind of tampering.
A precaution would be to provide the hash value of a very ubiquitous message digest algorithm, and recertify the hash value posting daily, at the server. Interested users could reasonably hope to check the hash value at download.
This precaution would work better for programs that are no longer updated with improvements. Furthermore, it might be possible to tamper installations at some later date.