When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functions as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy.
The Trojan horse is said to let attackers perform a variety of tasks on infected systems, including reading, writing, deleting, and searching for files and directories, starting and closing programs, modifying the Windows Registry, taking screenshots, and shutting down Windows. The Trojan also phones home to China to report information about infected systems. The CTO of security company Exploit Prevention Labs claims this type of attack "feels like espionage, perhaps industrial."
"As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new 'clean' file is opened without incident," the ISC explained.