oday we had an interesting sample shared with us. It was a MicrosoftWord document which, when opened, was simply crashing Word. We triedusing various combinations of Word versions, patches and languages, andin each case (with the exception of Office 2007) opening the documentwould cause Word to crash. After taking a closer look, we could seethat the document contained shell code and three other pieces ofmalware. What was interesting about the document was that it wasn't inOLE format, meaning that it wasn't a standard Microsoft Office document.
After some investigation we determined that the document hadactually been created using Word for Macintosh. Here you can see thedifference between the header in an OLE (Windows) format documentcompared to that of a Mac format document:
