There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that’s dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, although it’s looking like f-secure now has detection and I would suspect other AV vendors.
Essentially, one organization reported in to incidents that they were receiving emails with MS Word attachments. One user noticed that a domain name in the email wasn’t exactly correct…