Black Monday

Yes... we know the labels are Black Friday and Cyber Monday.  However, a Microsoft Word document with malicious macro is propagating across the Internet this morning (Raytheon|Websense File Sandbox Report here) with only 1 of 54 AntiVirus Engines protecting... hence Black Monday:

Question - with such a poor detection rate by the AV Engines, and, our inability to outright block all incoming Microsoft Files (as our User Communities would scream)... what are you to do?  Assuming you're not already protecting yourself with a Raytheon|Websense APX Solution, you may need to scour your firewall logs for the phone home back to the botnet on TCP Port 2448  :-(