The ISC is reporting that executives are being singled out and sent email with malicious agents embedded in Word documents. While AV scanners can detect these, the senders of a narrowly targeted attack may test it thoroughly to ensure it gets past AV software. Additionally, many companies may not be blocking ZIP or DOC attachments.
Corporate executives would always be concerned over any "official looking" email from the IRS, Better Business Bureau, Federal Trade Commission, etc. This kind of well-crafted social engineering attack is not prevalent in the wild, but it is a growing concern. The main goal could be to gain confidential information or passwords, or even to scam the company.
All untrusted documents or web links must be avoided. Malware authors can copy the genuine HTML from a website (or email) and create a document that appears genuine in every respect. Sometimes they can't spell and that's a clue, but lately many items I've seen are very official looking.
EXAMPLE: I recently received in my bulk mail filters a Hallmark greeting card invitation that was so authentic that I felt it was truly a congratulatory e-card from a friend. Having developed web pages for over a decade, I explored the underlying code. Everything was genuine, except for the main link, which pointed to a numerical IP address. There was also a malicious POSTCARD.EXE downloader trojan horse as part of the web address. I closed out of the HTML edit session and browser and deleted this one immediately.
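The manual check described above (reading the message's HTML and noticing a link that points to a numeric IP address and an .EXE file) can be automated in a mail filter. The following is an added example, not code from the original post; the function names, the extension list, and the sample message (built on documentation-only addresses) are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed list of directly executable Windows extensions (illustrative).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_is_ip(host):
    """True when the URL host is an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_links(html):
    """Return [(href, [reasons])] for links that warrant a closer look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        url = urlsplit(href)
        reasons = []
        if host_is_ip(url.hostname or ""):
            reasons.append("host is a numeric IP address")
        if url.path.lower().endswith(EXECUTABLE_EXTS):
            reasons.append("path ends in an executable extension")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample: a branded e-card body whose main link is the odd one out.
SAMPLE = """<html><body>
<a href="https://www.example.com/ecards">Our e-card site</a>
<p>A friend has sent you a greeting card!</p>
<a href="http://192.0.2.15/postcard.exe">Click here to view your card</a>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE):
        print(href, "->", "; ".join(reasons))
```

Only anchor tags are inspected here, so a link hidden behind a redirect or built by script would still need the phone cross-check recommended below.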
RECOMMENDATION: As a counter-measure, everyone should cross-check email messages from the IRS, government authorities, banks, credit card agencies, stockbrokers, billing entities, software vendors, etc. directly by phone or otherwise. Never take action on an email message alone and always be very careful to avoid any attachment or web links that might be present in unexpected or suspicious documents.
Corporate Executives targeted in Focused Security Attacks
This is another Word “document” with a malicious embedded object similar to the BBB, IRS, FTC and other targeted trojan “documents”. A word of caution: Do NOT open strange documents or run untrusted binaries on a machine you don’t wish to format and reinstall the OS on!