It all started with a spam campaign. Figure 1 shows a campaign we
picked up recently from our spam traps, carrying a suspicious document
file attachment.
...
The attachment uses the ".doc" file extension but is actually in RTF
(Rich Text Format). The file contains a specially crafted RTF stack
overflow exploit, which we determined to be CVE-2010-3333, a
vulnerability in how the Microsoft Word RTF parser handles the
"pFragments" shape property. This vulnerability was patched more than
half a decade ago.
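
A triage check for the mismatch described above, as an added example
that is not from the original post: it identifies RTF by its leading
bytes rather than the file extension and reports whether a pFragments
shape property is present. The function name, the sample inputs and the
lenient "{\rt" prefix match are assumptions; a hit is a reason to
inspect the file, not proof of an exploit.

```python
import re

# RTF is identified by its leading bytes, not by the file extension.
# Assumption: match the short prefix "{\rt" so slightly malformed headers still count.
RTF_MAGIC = b"{\\rt"
# Shape property name "pFragments" followed by its \sv value group.
PFRAG = re.compile(rb"\\sn\s*pFragments\s*\}\s*\{\s*\\sv\s*([^{}]*)")

def triage(filename: str, data: bytes) -> dict:
    """Report format/extension mismatch and any pFragments shape property."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    is_rtf = data.startswith(RTF_MAGIC)
    # RTF readers ignore raw CR/LF, so drop them before matching keywords.
    flat = data.replace(b"\r", b"").replace(b"\n", b"")
    m = PFRAG.search(flat) if is_rtf else None
    return {
        "is_rtf": is_rtf,
        "ext_mismatch": is_rtf and ext != "rtf",
        "has_pfragments": m is not None,
        "sv_len": len(m.group(1)) if m else 0,  # size of the property value
    }

# Constructed, inert samples (not taken from the campaign).
SAMPLES = {
    "invoice.doc": b"{\\rtf1{\\shp{\\*\\shpinst{\\sp{\\sn pFrag\r\nments}"
                   b"{\\sv 1;1;00000000}}}}}",
    "notes.rtf": b"{\\rtf1\\ansi plain text}",
    "real.doc": bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 8,  # OLE2 header
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(name, blob))
```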
...
After a short while, we observed SMTP network activity in which the
infected system's information was sent to the attacker's email
address.