On December 1, 2005, two e-mail messages were sent from a computer in Western Australia to members of two different human rights organizations. Each e-mail message carried a Microsoft Word document with a previously unknown exploit that would take control of the targeted person’s computer and open up a beachhead into the group’s network.
“If you haven’t noticed these attacks and you are a big company, you have likely already been attacked,” Shipp told attendees at the Virus Bulletin 2006 conference. “Your problem is no longer how do I avoid being attacked, but how do I find where I’ve been compromised.”
Read more here.