F-Secure has been tracking a series of sophisticated, very targeted attacks against large European corporations in recent months. All have used malicious Word file attachments to install malicious programs on corporate networks. The attacks, sometimes referred to as "spear phishing" attacks, use e-mail messages that appear to come from within a company, with spoofed sender addresses and even faked corporate letterhead information. The messages are sent to employees within the company, who are tricked into opening the attachment, believing it comes from a colleague, Hypponen said.

Microsoft Word and other Office applications are a good target, because they are ubiquitous on corporate computers, and because companies often patch them far less frequently than the Windows operating system itself, he said.

"Its not unusual to have a fully patched Windows system running a version of Word that hasn't been patched for a year or more," he said.

Symantec advised customers to block Microsoft Word document attachments in e-mail and said users should use "extreme caution" when they receive an unexpected Microsoft Word attachment.

Until signatures are developed for the latest Word exploit, gateway and desktop antivirus software will not be able to detect it. However, attacks that use older exploits should be stopped by most antivirus products, Hypponen said.